Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
Analysis ID:1435791
MD5:8d6e0fa54df379d380222a4051ab848c
SHA1:aaf9a4b13c41beb62d8b40440a37e999c512a33a
SHA256:bc85f6c9d136388898852a62309eef10a34b3118fd024281e14e468594c2ff9f
Tags:exe, RiseProStealer
Infos:

Detection

RisePro Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected RisePro Stealer
Connects to many ports of the same IP (likely port scanning)
Contains functionality to inject threads in other processes
Found many strings related to Crypto-Wallets (likely being stolen)
Found stalling execution ending in API Sleep call
Hides threads from debuggers
PE file has nameless sections
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found evaded block containing many API calls
Found evasive API chain (date check)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe (PID: 796 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe" MD5: 8D6E0FA54DF379D380222A4051AB848C)
    • schtasks.exe (PID: 7148 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 6668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 6688 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 6788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WerFault.exe (PID: 1544 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 1980 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • chrome.exe (PID: 5600 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2032,i,13373424599956482758,2622410995844212760,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 8940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 --field-trial-handle=2032,i,13373424599956482758,2622410995844212760,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6816 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • MPGPH131.exe (PID: 6788 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: 8D6E0FA54DF379D380222A4051AB848C)
      • WerFault.exe (PID: 7116 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 1896 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • chrome.exe (PID: 7576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1904,i,4433995280801359943,15790253874222841577,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • MPGPH131.exe (PID: 7212 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: 8D6E0FA54DF379D380222A4051AB848C)
    • WerFault.exe (PID: 7204 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 1260 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • RageMP131.exe (PID: 8700 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: 8D6E0FA54DF379D380222A4051AB848C)
    • WerFault.exe (PID: 8040 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 2004 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • RageMP131.exe (PID: 9080 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: 8D6E0FA54DF379D380222A4051AB848C)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\_GC5VU0C8TlDHIYOayOodaC.zip | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\6vITM1PSugWZudEYSR57YQU.zip | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\gWpl3DKIKrL9jhWS6lgcZ2J.zip | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000003.1901048371.0000000001983000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
00000000.00000003.1901198665.0000000001994000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
00000008.00000002.2092162134.0000000001A27000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

                  System Summary

                  Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, ProcessId: 796, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RageMP131
                  Timestamp: 05/03/24-07:23:28.105870 | SID: 2046269 | Source Port: 49763 | Destination Port: 58709 | Protocol: TCP | Classtype: A Network Trojan was detected
                  Timestamp: 05/03/24-07:22:59.725168 | SID: 2046267 | Source Port: 58709 | Destination Port: 49730 | Protocol: TCP | Classtype: A Network Trojan was detected
                  Timestamp: 05/03/24-07:22:56.225615 | SID: 2046266 | Source Port: 58709 | Destination Port: 49730 | Protocol: TCP | Classtype: A Network Trojan was detected
                  Timestamp: 05/03/24-07:22:59.405493 | SID: 2046269 | Source Port: 49730 | Destination Port: 58709 | Protocol: TCP | Classtype: A Network Trojan was detected
                  Timestamp: 05/03/24-07:23:15.979133 | SID: 2046269 | Source Port: 49745 | Destination Port: 58709 | Protocol: TCP | Classtype: A Network Trojan was detected
                  Timestamp: 05/03/24-07:23:24.180700 | SID: 2046266 | Source Port: 58709 | Destination Port: 49763 | Protocol: TCP | Classtype: A Network Trojan was detected
                  Timestamp: 05/03/24-07:23:42.768589 | SID: 2046267 | Source Port: 58709 | Destination Port: 49763 | Protocol: TCP | Classtype: A Network Trojan was detected
                  Timestamp: 05/03/24-07:23:27.210544 | SID: 2046269 | Source Port: 49760 | Destination Port: 58709 | Protocol: TCP | Classtype: A Network Trojan was detected
                  Timestamp: 05/03/24-07:23:16.615218 | SID: 2046266 | Source Port: 58709 | Destination Port: 49760 | Protocol: TCP | Classtype: A Network Trojan was detected
                  Timestamp: 05/03/24-07:23:19.547675 | SID: 2046267 | Source Port: 58709 | Destination Port: 49760 | Protocol: TCP | Classtype: A Network Trojan was detected
                  Timestamp: 05/03/24-07:22:56.058203 | SID: 2049060 | Source Port: 49730 | Destination Port: 58709 | Protocol: TCP | Classtype: A Network Trojan was detected
                  Timestamp: 05/03/24-07:23:16.143178 | SID: 2046269 | Source Port: 49744 | Destination Port: 58709 | Protocol: TCP | Classtype: A Network Trojan was detected
                  Timestamp: 05/03/24-07:23:05.888918 | SID: 2046266 | Source Port: 58709 | Destination Port: 49745 | Protocol: TCP | Classtype: A Network Trojan was detected
                  Timestamp: 05/03/24-07:23:05.759701 | SID: 2046266 | Source Port: 58709 | Destination Port: 49744 | Protocol: TCP | Classtype: A Network Trojan was detected
                  Timestamp: 05/03/24-07:23:08.989573 | SID: 2046267 | Source Port: 58709 | Destination Port: 49744 | Protocol: TCP | Classtype: A Network Trojan was detected
                  Timestamp: 05/03/24-07:23:09.005119 | SID: 2046267 | Source Port: 58709 | Destination Port: 49745 | Protocol: TCP | Classtype: A Network Trojan was detected

                  AV Detection

                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeAvira: detected
                  Source: http://147.45.47.102:57893/hera/amadka.exeAvira URL Cloud: Label: malware
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeAvira: detection malicious, Label: HEUR/AGEN.1306558
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeAvira: detection malicious, Label: HEUR/AGEN.1306558
                  Source: http://147.45.47.102:57893/hera/amadka.exeotVirustotal: Detection: 15%Perma Link
                  Source: http://147.45.47.102:57893/hera/amadka.exe68.0Virustotal: Detection: 15%Perma Link
                  Source: http://193.233.132.56/cost/go.exeVirustotal: Detection: 25%Perma Link
                  Source: http://147.45.47.102:57893/hera/amadka.exeVirustotal: Detection: 18%Perma Link
                  Source: http://193.233.132.56/cost/lenin.exeVirustotal: Detection: 26%Perma Link
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeReversingLabs: Detection: 50%
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeVirustotal: Detection: 58%Perma Link
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeReversingLabs: Detection: 50%
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeVirustotal: Detection: 58%Perma Link
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeReversingLabs: Detection: 50%
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeVirustotal: Detection: 58%Perma Link
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_00643EB0 CryptUnprotectData,CryptUnprotectData,LocalFree,LocalFree,0_2_00643EB0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_00823EB0 CryptUnprotectData,CryptUnprotectData,LocalFree,LocalFree,7_2_00823EB0
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: unknownHTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49734 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.26.5.15:443 -> 192.168.2.4:49737 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49748 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49749 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49750 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.26.5.15:443 -> 192.168.2.4:49752 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.26.5.15:443 -> 192.168.2.4:49753 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49751 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49754 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49761 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.26.5.15:443 -> 192.168.2.4:49762 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 40.126.24.82:443 -> 192.168.2.4:49764 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 40.126.24.82:443 -> 192.168.2.4:49775 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49779 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.26.5.15:443 -> 192.168.2.4:49780 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49781 version: TLS 1.2
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_0065D2B0 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,0_2_0065D2B0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_006433B0 CreateDirectoryA,FindFirstFileA,FindNextFileA,GetLastError,FindClose,0_2_006433B0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_00611A60 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA,0_2_00611A60
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_00663B20 CreateDirectoryA,FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error,0_2_00663B20
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_005B1F8C FindClose,FindFirstFileExW,GetLastError,0_2_005B1F8C
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_005B2012 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,0_2_005B2012
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_006113F0 FindFirstFileA,FindNextFileA,GetLastError,FindClose,0_2_006113F0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_0083D2B0 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,7_2_0083D2B0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_008233B0 CreateDirectoryA,FindFirstFileA,FindNextFileA,GetLastError,FindClose,7_2_008233B0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_007F1A60 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA,LocalFree,7_2_007F1A60
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_00843B20 CreateDirectoryA,FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error,7_2_00843B20
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_00791F8C FindClose,FindFirstFileExW,GetLastError,7_2_00791F8C
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_00792012 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,7_2_00792012
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_007F13F0 FindFirstFileA,FindNextFileA,GetLastError,FindClose,7_2_007F13F0
                  Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\
                  Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\
                  Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_703cab63ddfc30e52e5285a77dd3d65328718bd_cadc5c4f_ca1ea967-fef8-45d7-a94d-43811e9047c7\
                  Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\
                  Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MPGPH131.exe_f7fc5d77e4181bfc8c190387d813954cf99dd80_2d68038f_ba0e7d69-f458-483a-978e-dbc15423d24c\
                  Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue

                  Networking

                  Source: TrafficSnort IDS: 2049060 ET TROJAN RisePro TCP Heartbeat Packet 192.168.2.4:49730 -> 147.45.47.93:58709
                  Source: TrafficSnort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 147.45.47.93:58709 -> 192.168.2.4:49730
                  Source: TrafficSnort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49730 -> 147.45.47.93:58709
                  Source: TrafficSnort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 147.45.47.93:58709 -> 192.168.2.4:49730
                  Source: TrafficSnort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 147.45.47.93:58709 -> 192.168.2.4:49744
                  Source: TrafficSnort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 147.45.47.93:58709 -> 192.168.2.4:49745
                  Source: TrafficSnort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 147.45.47.93:58709 -> 192.168.2.4:49744
                  Source: TrafficSnort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 147.45.47.93:58709 -> 192.168.2.4:49745
                  Source: TrafficSnort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49745 -> 147.45.47.93:58709
                  Source: TrafficSnort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49744 -> 147.45.47.93:58709
                  Source: TrafficSnort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 147.45.47.93:58709 -> 192.168.2.4:49760
                  Source: TrafficSnort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 147.45.47.93:58709 -> 192.168.2.4:49760
                  Source: TrafficSnort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 147.45.47.93:58709 -> 192.168.2.4:49763
                  Source: TrafficSnort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49760 -> 147.45.47.93:58709
                  Source: TrafficSnort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49763 -> 147.45.47.93:58709
                  Source: TrafficSnort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 147.45.47.93:58709 -> 192.168.2.4:49763
                  Source: global trafficTCP traffic: 147.45.47.93 ports 0,5,7,8,58709,9
                  Source: global trafficTCP traffic: 192.168.2.4:49730 -> 147.45.47.93:58709
                  Source: Joe Sandbox ViewIP Address: 34.117.186.192 34.117.186.192
                  Source: Joe Sandbox ViewIP Address: 104.26.5.15 104.26.5.15
                  Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
                  Source: Joe Sandbox ViewASN Name: FREE-NET-ASFREEnetEU FREE-NET-ASFREEnetEU
                  Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                  Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                  Source: unknownTCP traffic detected without corresponding DNS query: 104.46.162.224
                  Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.93
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
                  Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_006452A0 recv,GetCurrentProcess,0_2_006452A0
                  Source: global trafficHTTP traffic detected: GET /widget/demo/191.96.227.219 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: ipinfo.io
                  Source: global trafficHTTP traffic detected: GET /demo/home.php?s=191.96.227.219 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: db-ip.com
                  Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                  Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                  Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                  Source: global trafficHTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YOPbGLbp0bEGIjA9RjS4dnTf9TMc_WNOZoEqYCGZPMusvyHbkcGkBp0b60YgEyf8aWQGPDnoAkT6yZQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-05-03-05; NID=513=APNOzOblleRB1aJFPx8Z_gRLPnRmzF3um8G7RczJpJHmMs2PjggLJuQJDSfSkkQEQw4W68eqU9PX_RTcXywZXXUq_AQqC0hF8Ap_QEpQOLc-nzbFkFzjdPZ3R_RYwXhxUJye9FK_ULZoYVxD6FGWtw5mxdI8GicRmXl8qJSIPUA
                  Source: global trafficHTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YOPbGLfp0bEGIjBOCVhRAJULzteCOxPiY_X6uQIji4BS0T9mLaHtP_Am7ecKTeSvtZKtamBURy9fib0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-05-03-05; NID=513=cj89ODLx9-NktihWgR6pcEkVLJtmzBmUJFxO5DHSM_Ex4E-3z8ovz6JNixtHvLzVH43EiHaIwe1tovaDxh4FgY0d0QihWT12B-WBStzI-FDmf6tkDRL3VTxmW2AgAZsr1Tppx2YUWmkCPuT4nscUI9perMpwKY6l9iEl-alk_30
                  Source: global trafficHTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YOPbGLbp0bEGIjDNZc3MZHlf1E0orMqnosUmz6W763DCXYHXDGytrbaZJcGJLjun_vRC8GiTovYLXb8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-05-03-05; NID=513=EQD99ALJd6fOZu26GG9BtUjXBRf2gGBsuk5QaS83mUVQaqMpvZ4LNdhssAidlPr7GtfSBFeiMvNnnYNjxcnDCKLiRS44NSdXzIk9nQXC3r6txe-PaW2vKLuatBzEjiBpwv1s228V4FQEbPNYX_vzR8IICWLCpTWJe0qikJMZQ84
                  Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
                  Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=obBedr2UOoU2yNe&MD=DdSnfapD HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                  Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=obBedr2UOoU2yNe&MD=DdSnfapD HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                  Source: global traffic | DNS traffic detected: DNS query: google.com
                  Source: global traffic | DNS traffic detected: DNS query: ipinfo.io
                  Source: global traffic | DNS traffic detected: DNS query: db-ip.com
                  Source: global traffic | DNS traffic detected: DNS query: www.google.com
                  Source: unknownHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
                  Source: MPGPH131.exe, 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.102:57893/hera/amadka.exe
                  Source: MPGPH131.exe, 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.102:57893/hera/amadka.exe68.0
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.102:57893/hera/amadka.exe68.0x
                  Source: RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.102:57893/hera/amadka.exejaxxwa
                  Source: RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.102:57893/hera/amadka.exeot
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://147.45.47.102:57893/hera/amadka.exetspX(
                  Source: MPGPH131.exe, 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/cost/go.exe
                  Source: RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/cost/go.execeIdser
                  Source: MPGPH131.exe, 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/cost/go.exeisepro_bot
                  Source: MPGPH131.exe, 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/cost/lenin.exe
                  Source: MPGPH131.exe, 00000007.00000002.2104214514.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/cost/lenin.exeUs
                  Source: RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/cost/lenin.exeXb5?7
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/cost/lenin.exeka.ex;
                  Source: MPGPH131.exe, 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/cost/lenin.exeka.exbota
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.233.132.56/cost/lenin.exer
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, RageMP131.exe.0.dr, MPGPH131.exe.0.drString found in binary or memory: http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, RageMP131.exe.0.dr, MPGPH131.exe.0.drString found in binary or memory: http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.cr
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, RageMP131.exe.0.dr, MPGPH131.exe.0.drString found in binary or memory: http://pki-ocsp.symauth.com0
                  Source: Amcache.hve.20.drString found in binary or memory: http://upx.sf.net
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2102864029.0000000000761000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2090843133.0000000000761000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098106504.0000000000721000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2192978530.0000000000721000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1859408154.00000000072E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1864427567.00000000072EC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1855947799.00000000019AB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1961346965.000000000766A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1944872868.0000000001897000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1953713835.00000000018D0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1959185609.0000000007728000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1955343277.0000000001B8C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1951162142.0000000001B7A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1961588677.00000000074BF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1957623496.0000000001B97000.00000004.00000020.00020000.00000000.sdmp, 0K7_4ZPCGxHpWeb Data.0.dr, v2cU2ORgmdjCWeb Data.13.dr, fPrkUqiJIt7RWeb Data.7.dr, jdYGzsyj2RgAWeb Data.0.dr, 7infWL2dpE0JWeb Data.13.dr, 00Qerm5hMGZOWeb Data.8.dr, 2a4LP_xtRLdaWeb Data.13.dr, zbISjRzl0odeWeb Data.7.dr, UI_98ko8uFErWeb Data.0.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1859408154.00000000072E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1864427567.00000000072EC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1855947799.00000000019AB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1961346965.000000000766A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1944872868.0000000001897000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1953713835.00000000018D0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1959185609.0000000007728000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1955343277.0000000001B8C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1951162142.0000000001B7A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1961588677.00000000074BF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1957623496.0000000001B97000.00000004.00000020.00020000.00000000.sdmp, 0K7_4ZPCGxHpWeb Data.0.dr, v2cU2ORgmdjCWeb Data.13.dr, fPrkUqiJIt7RWeb Data.7.dr, jdYGzsyj2RgAWeb Data.0.dr, 7infWL2dpE0JWeb Data.13.dr, 00Qerm5hMGZOWeb Data.8.dr, 2a4LP_xtRLdaWeb Data.13.dr, zbISjRzl0odeWeb Data.7.dr, UI_98ko8uFErWeb Data.0.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1859408154.00000000072E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1864427567.00000000072EC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1855947799.00000000019AB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1961346965.000000000766A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1944872868.0000000001897000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1953713835.00000000018D0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1959185609.0000000007728000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1955343277.0000000001B8C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1951162142.0000000001B7A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1961588677.00000000074BF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1957623496.0000000001B97000.00000004.00000020.00020000.00000000.sdmp, 0K7_4ZPCGxHpWeb Data.0.dr, v2cU2ORgmdjCWeb Data.13.dr, fPrkUqiJIt7RWeb Data.7.dr, jdYGzsyj2RgAWeb Data.0.dr, 7infWL2dpE0JWeb Data.13.dr, 00Qerm5hMGZOWeb Data.8.dr, 2a4LP_xtRLdaWeb Data.13.dr, zbISjRzl0odeWeb Data.7.dr, UI_98ko8uFErWeb Data.0.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1859408154.00000000072E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1864427567.00000000072EC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1855947799.00000000019AB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1961346965.000000000766A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1944872868.0000000001897000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1953713835.00000000018D0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1959185609.0000000007728000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1955343277.0000000001B8C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1951162142.0000000001B7A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1961588677.00000000074BF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1957623496.0000000001B97000.00000004.00000020.00020000.00000000.sdmp, 0K7_4ZPCGxHpWeb Data.0.dr, v2cU2ORgmdjCWeb Data.13.dr, fPrkUqiJIt7RWeb Data.7.dr, jdYGzsyj2RgAWeb Data.0.dr, 7infWL2dpE0JWeb Data.13.dr, 00Qerm5hMGZOWeb Data.8.dr, 2a4LP_xtRLdaWeb Data.13.dr, zbISjRzl0odeWeb Data.7.dr, UI_98ko8uFErWeb Data.0.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2194242592.0000000001594000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/
                  Source: MPGPH131.exe, 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/A
                  Source: RageMP131.exe, 0000000F.00000002.2194242592.0000000001594000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/c
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2194242592.0000000001594000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2194242592.000000000156A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2194242592.0000000001578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.227.219
                  Source: MPGPH131.exe, 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.227.219.outloo
                  Source: MPGPH131.exe, 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.227.2191s
                  Source: RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.227.219D
                  Source: MPGPH131.exe, 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.227.219IuG
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.227.219QW
                  Source: RageMP131.exe, 0000000F.00000002.2194242592.0000000001594000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.227.219n?x
                  Source: RageMP131.exe, 0000000F.00000002.2194242592.000000000156A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.227.219ot
                  Source: MPGPH131.exe, 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.227.219yUk
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com:443/demo/home.php?s=191.96.227.219
                  Source: MPGPH131.exe, 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com:443/demo/home.php?s=191.96.227.219P
                  Source: MPGPH131.exe, 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com:443/demo/home.php?s=191.96.227.219lu
                  Source: RageMP131.exe, 0000000F.00000002.2194242592.00000000014F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com:443/demo/home.php?s=191.96.227.219r)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1859408154.00000000072E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1864427567.00000000072EC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1855947799.00000000019AB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1961346965.000000000766A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1944872868.0000000001897000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1953713835.00000000018D0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1959185609.0000000007728000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1955343277.0000000001B8C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1951162142.0000000001B7A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1961588677.00000000074BF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1957623496.0000000001B97000.00000004.00000020.00020000.00000000.sdmp, 0K7_4ZPCGxHpWeb Data.0.dr, v2cU2ORgmdjCWeb Data.13.dr, fPrkUqiJIt7RWeb Data.7.dr, jdYGzsyj2RgAWeb Data.0.dr, 7infWL2dpE0JWeb Data.13.dr, 00Qerm5hMGZOWeb Data.8.dr, 2a4LP_xtRLdaWeb Data.13.dr, zbISjRzl0odeWeb Data.7.dr, UI_98ko8uFErWeb Data.0.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1859408154.00000000072E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1864427567.00000000072EC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1855947799.00000000019AB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1961346965.000000000766A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1944872868.0000000001897000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1953713835.00000000018D0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1959185609.0000000007728000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1955343277.0000000001B8C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1951162142.0000000001B7A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1961588677.00000000074BF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1957623496.0000000001B97000.00000004.00000020.00020000.00000000.sdmp, 0K7_4ZPCGxHpWeb Data.0.dr, v2cU2ORgmdjCWeb Data.13.dr, fPrkUqiJIt7RWeb Data.7.dr, jdYGzsyj2RgAWeb Data.0.dr, 7infWL2dpE0JWeb Data.13.dr, 00Qerm5hMGZOWeb Data.8.dr, 2a4LP_xtRLdaWeb Data.13.dr, zbISjRzl0odeWeb Data.7.dr, UI_98ko8uFErWeb Data.0.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1859408154.00000000072E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1864427567.00000000072EC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1855947799.00000000019AB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1961346965.000000000766A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1944872868.0000000001897000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1953713835.00000000018D0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1959185609.0000000007728000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1955343277.0000000001B8C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1951162142.0000000001B7A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1961588677.00000000074BF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1957623496.0000000001B97000.00000004.00000020.00020000.00000000.sdmp, 0K7_4ZPCGxHpWeb Data.0.dr, v2cU2ORgmdjCWeb Data.13.dr, fPrkUqiJIt7RWeb Data.7.dr, jdYGzsyj2RgAWeb Data.0.dr, 7infWL2dpE0JWeb Data.13.dr, 00Qerm5hMGZOWeb Data.8.dr, 2a4LP_xtRLdaWeb Data.13.dr, zbISjRzl0odeWeb Data.7.dr, UI_98ko8uFErWeb Data.0.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: RageMP131.exe, 0000000F.00000002.2194242592.000000000155F000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2194242592.0000000001594000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2194242592.0000000001578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/
                  Source: RageMP131.exe, 0000000F.00000002.2194242592.00000000014F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/#:
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018C3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2104214514.00000000017C0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000002.2092162134.0000000001AA6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2194242592.0000000001578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/Mozilla/5.0
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2102864029.0000000000761000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2090843133.0000000000761000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098106504.0000000000721000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2192978530.0000000000721000.00000040.00000001.01000000.00000008.sdmpString found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll

                  System Summary

                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Static PE information: section name:
                  Source: RageMP131.exe.0.dr Static PE information: section name:
                  Source: MPGPH131.exe.0.dr Static PE information: section name:
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_008920C07_2_008920C0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_007E21007_2_007E2100
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_008011307_2_00801130
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_007971907_2_00797190
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_007A035F7_2_007A035F
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_008503507_2_00850350
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_0078F5707_2_0078F570
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_007B47AD7_2_007B47AD
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_0079C9507_2_0079C950
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_0079A9187_2_0079A918
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_007ADA747_2_007ADA74
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_008A4AE07_2_008A4AE0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_00844B907_2_00844B90
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_007B8BA07_2_007B8BA0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_007F0BA07_2_007F0BA0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_00801E407_2_00801E40
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_0084BFC07_2_0084BFC0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_0084CFC07_2_0084CFC0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_7F6F00007_2_7F6F0000
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_7F6F08197_2_7F6F0819
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Code function: String function: 0059ACE0 appears 86 times
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: String function: 0077ACE0 appears 86 times
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 1980
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000000.1628134455.0000000000724000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameCrossDeviceSettingsHost.exeX vs SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Binary or memory string: OriginalFilenameCrossDeviceSettingsHost.exeX vs SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Static PE information: Section: ZLIB complexity 0.9997618952472294
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Static PE information: Section: ZLIB complexity 0.9934290213178295
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Static PE information: Section: ZLIB complexity 0.99462890625
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Static PE information: Section: ZLIB complexity 1.0006510416666667
                  Source: RageMP131.exe.0.dr Static PE information: Section: ZLIB complexity 0.9997618952472294
                  Source: RageMP131.exe.0.dr Static PE information: Section: ZLIB complexity 0.9934290213178295
                  Source: RageMP131.exe.0.dr Static PE information: Section: ZLIB complexity 0.99462890625
                  Source: RageMP131.exe.0.dr Static PE information: Section: ZLIB complexity 1.0006510416666667
                  Source: MPGPH131.exe.0.dr Static PE information: Section: ZLIB complexity 0.9997618952472294
                  Source: MPGPH131.exe.0.dr Static PE information: Section: ZLIB complexity 0.9934290213178295
                  Source: MPGPH131.exe.0.dr Static PE information: Section: ZLIB complexity 0.99462890625
                  Source: MPGPH131.exe.0.dr Static PE information: Section: ZLIB complexity 1.0006510416666667
                  Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@44/85@9/7
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Code function: 0_2_0065D2B0 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe File created: C:\Users\user\AppData\Local\RageMP131
                  Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7212
                  Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6668:120:WilError_03
                  Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess796
                  Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8700
                  Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6788:120:WilError_03
                  Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6788
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe File created: C:\Users\user\AppData\Local\Temp\rage131MP.tmp
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2102864029.0000000000761000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2090843133.0000000000761000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098106504.0000000000721000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2192978530.0000000000721000.00000040.00000001.01000000.00000008.sdmp Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2102864029.0000000000761000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2090843133.0000000000761000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098106504.0000000000721000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2192978530.0000000000721000.00000040.00000001.01000000.00000008.sdmp Binary or memory string: UPDATE %Q.%s SET sql = sqlite_rename_table(sql, %Q), tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1856547579.0000000001945000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1953686131.0000000001B96000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1951033571.0000000001B62000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1954095590.0000000001B96000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1951162142.0000000001B96000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1949927709.0000000001B62000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1955332457.0000000001BA2000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1953855338.0000000001B6E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1954990178.0000000001B6E000.00000004.00000020.00020000.00000000.sdmp, TgQ4S6c4BAPSLogin Data.7.dr, FbUnNuCw4_bKLogin Data.13.dr, KschALC58KiLLogin Data For Account.0.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe ReversingLabs: Detection: 50%
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Virustotal: Detection: 58%
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
                  Source: MPGPH131.exe String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                  Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe"
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                  Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
                  Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
                  Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
                  Source: unknown Process created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2032,i,13373424599956482758,2622410995844212760,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1904,i,4433995280801359943,15790253874222841577,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Source: unknown Process created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 --field-trial-handle=2032,i,13373424599956482758,2622410995844212760,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Source: unknown Process created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 1980
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 2004
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 1260
                  Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 1896
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Section loaded: apphelp.dll, version.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, shfolder.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, sspicli.dll, d3d11.dll, dxgi.dll, resourcepolicyclient.dll, kernel.appcore.dll, d3d10warp.dll, dxcore.dll, ntmarta.dll, winhttp.dll, wininet.dll, mswsock.dll, devobj.dll, ondemandconnroutehelper.dll, webio.dll, iphlpapi.dll, winnsi.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ncryptsslp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, vaultcli.dll, wintypes.dll, dpapi.dll
                  Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll, taskschd.dll, sspicli.dll, xmllite.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe Section loaded: apphelp.dll, version.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, shfolder.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, sspicli.dll, d3d11.dll, dxgi.dll, resourcepolicyclient.dll, kernel.appcore.dll, d3d10warp.dll, dxcore.dll, winhttp.dll, wininet.dll, mswsock.dll, devobj.dll, ondemandconnroutehelper.dll, webio.dll, iphlpapi.dll, winnsi.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ncryptsslp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, vaultcli.dll, wintypes.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: version.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: rstrtmgr.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: ncrypt.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: ntasn1.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: shfolder.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: d3d11.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: dxgi.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: resourcepolicyclient.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: d3d10warp.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: dxcore.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: wininet.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: devobj.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: webio.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: winnsi.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: dnsapi.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: rasadhlp.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: fwpuclnt.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: schannel.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: mskeyprotect.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: ncryptsslp.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: msasn1.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: gpapi.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: vaultcli.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: wintypes.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: ntmarta.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Section loaded: dpapi.dll
                  Source: Window Recorder, Window detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Static file information: File size 3197440 > 1048576
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Static PE information: Raw size of .data is bigger than: 0x100000 < 0x225a00

                  Data Obfuscation

                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Unpacked PE file: 0.2.SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe.580000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:R;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:R;Unknown_Section6:EW;.data:EW;
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Unpacked PE file: 7.2.MPGPH131.exe.760000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:R;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:R;Unknown_Section6:EW;.data:EW;
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Unpacked PE file: 8.2.MPGPH131.exe.760000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:R;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:R;Unknown_Section6:EW;.data:EW;
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Unpacked PE file: 13.2.RageMP131.exe.720000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:R;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:R;Unknown_Section6:EW;.data:EW;
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Unpacked PE file: 15.2.RageMP131.exe.720000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:R;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:R;Unknown_Section6:EW;.data:EW;
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_0064C630 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,0_2_0064C630
                  Source: initial sample, Static PE information: section where entry point is pointing to: .data
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Static PE information: section name: (blank), listed 6 times
                  Source: RageMP131.exe.0.dr, Static PE information: section name: (blank), listed 6 times
                  Source: MPGPH131.exe.0.dr, Static PE information: section name: (blank), listed 6 times
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_005B3F49 push ecx; ret 0_2_005B3F5C
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA717A0 push 7FA70002h; ret 0_2_7FA717AF
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA71FB0 push 7FA70002h; ret 0_2_7FA71FBF
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA71F80 push 7FA70002h; ret 0_2_7FA71F8F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA70F90 push 7FA70002h; ret 0_2_7FA70F9F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA72790 push 7FA70002h; ret 0_2_7FA7279F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA71FE0 push 7FA70002h; ret 0_2_7FA71FEF
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA70FF0 push 7FA70002h; ret 0_2_7FA70FFF
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA727F0 push 7FA70002h; ret 0_2_7FA727FF
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA70FC0 push 7FA70002h; ret 0_2_7FA70FCF
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA727C0 push 7FA70002h; ret 0_2_7FA727CF
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA717D0 push 7FA70002h; ret 0_2_7FA717DF
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA71F20 push 7FA70002h; ret 0_2_7FA71F2F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA70F30 push 7FA70002h; ret 0_2_7FA70F3F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA72730 push 7FA70002h; ret 0_2_7FA7273F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA70F00 push 7FA70002h; ret 0_2_7FA70F0F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA72700 push 7FA70002h; ret 0_2_7FA7270F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA71710 push 7FA70002h; ret 0_2_7FA7171F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA70F60 push 7FA70002h; ret 0_2_7FA70F6F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA72760 push 7FA70002h; ret 0_2_7FA7276F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA71770 push 7FA70002h; ret 0_2_7FA7177F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA71740 push 7FA70002h; ret 0_2_7FA7174F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA71F50 push 7FA70002h; ret 0_2_7FA71F5F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA70EA0 push 7FA70002h; ret 0_2_7FA70EAF
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA726A0 push 7FA70002h; ret 0_2_7FA726AF
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA716B0 push 7FA70002h; ret 0_2_7FA716BF
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA71680 push 7FA70002h; ret 0_2_7FA7168F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA71E90 push 7FA70002h; ret 0_2_7FA71E9F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA716E0 push 7FA70002h; ret 0_2_7FA716EF
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA71EF0 push 7FA70002h; ret 0_2_7FA71EFF
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Code function: 0_2_7FA71EC0 push 7FA70002h; ret 0_2_7FA71ECF
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Static PE information: section name: entropy: 7.999628050473961
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Static PE information: section name: entropy: 7.991031678374504
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Static PE information: section name: entropy: 7.818155657101209
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Static PE information: section name: entropy: 7.990686327893471
                  Source: RageMP131.exe.0.dr, Static PE information: section name: entropy: 7.999628050473961
                  Source: RageMP131.exe.0.dr, Static PE information: section name: entropy: 7.991031678374504
                  Source: RageMP131.exe.0.dr, Static PE information: section name: entropy: 7.818155657101209
                  Source: RageMP131.exe.0.dr, Static PE information: section name: entropy: 7.990686327893471
                  Source: MPGPH131.exe.0.dr, Static PE information: section name: entropy: 7.999628050473961
                  Source: MPGPH131.exe.0.dr, Static PE information: section name: entropy: 7.991031678374504
                  Source: MPGPH131.exe.0.dr, Static PE information: section name: entropy: 7.818155657101209
                  Source: MPGPH131.exe.0.dr, Static PE information: section name: entropy: 7.990686327893471
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, File created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, File created: C:\ProgramData\MPGPH131\MPGPH131.exe

                  Boot Survival

                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RageMP131
                  Source: C:\Windows\SysWOW64\WerFault.exe, Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe, Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Stalling execution: Execution stalls by calling Sleep graph_0-50109
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe Stalling execution: Execution stalls by calling Sleep
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Window / User API: threadDelayed 634
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec) graph_0-50122
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Evaded block: after key decision graph_0-50895
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe Evaded block: after key decision
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-50479
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe TID: 5968 Thread sleep count: 634 > 30
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 6860 Thread sleep count: 128 > 30
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 6860 Thread sleep count: 48 > 30
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7216 Thread sleep count: 86 > 30
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7216 Thread sleep count: 42 > 30
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 8704 Thread sleep count: 174 > 30
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 8704 Thread sleep count: 102 > 30
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 9084 Thread sleep count: 33 > 30
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 9084 Thread sleep count: 114 > 30
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe Last function: Thread delayed
                  Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe Last function: Thread delayed
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Last function: Thread delayed
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_0065D2B0 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,0_2_0065D2B0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_006433B0 CreateDirectoryA,FindFirstFileA,FindNextFileA,GetLastError,FindClose,0_2_006433B0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_00611A60 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA,0_2_00611A60
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_00663B20 CreateDirectoryA,FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error,0_2_00663B20
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_005B1F8C FindClose,FindFirstFileExW,GetLastError,0_2_005B1F8C
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_005B2012 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,0_2_005B2012
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_006113F0 FindFirstFileA,FindNextFileA,GetLastError,FindClose,0_2_006113F0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_0083D2B0 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,7_2_0083D2B0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_008233B0 CreateDirectoryA,FindFirstFileA,FindNextFileA,GetLastError,FindClose,7_2_008233B0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_007F1A60 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA,LocalFree,7_2_007F1A60
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_00843B20 CreateDirectoryA,FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error,7_2_00843B20
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_00791F8C FindClose,FindFirstFileExW,GetLastError,7_2_00791F8C
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_00792012 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,7_2_00792012
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_007F13F0 FindFirstFileA,FindNextFileA,GetLastError,FindClose,7_2_007F13F0
                  Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\
                  Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\
                  Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_703cab63ddfc30e52e5285a77dd3d65328718bd_cadc5c4f_ca1ea967-fef8-45d7-a94d-43811e9047c7\
                  Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\
                  Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MPGPH131.exe_f7fc5d77e4181bfc8c190387d813954cf99dd80_2d68038f_ba0e7d69-f458-483a-978e-dbc15423d24c\
                  Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 3Windows 2012 Server Standard without Hyper-V (core)
                  Source: MPGPH131.exe, 00000008.00000002.2092950272.0000000001B63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_2181566Dom
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 11 Essential Server Solutions without Hyper-V
                  Source: MPGPH131.exe, 00000008.00000002.2092162134.0000000001A81000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: #Windows 10 Microsoft Hyper-V Server
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 8.1 Microsoft Hyper-V Server
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 2012 Server Standard without Hyper-V
                  Source: MPGPH131.exe, 00000007.00000002.2104214514.000000000173D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_2181566DpzIzG
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: ,Windows 2012 Server Standard without Hyper-V
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 3Windows 10 Server Datacenter without Hyper-V (full)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}J65EtqTQ2ruTWZeEW0ke6pZu6LLcKCEPSL9PtJkfCzME
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 2012 Microsoft Hyper-V Server
                  Source: MPGPH131.exe, 00000007.00000002.2104214514.000000000179A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 2012 Server Enterprise without Hyper-V (core)
                  Source: Amcache.hve.20.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (core)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 10 Essential Server Solutions without Hyper-V
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 8 Essential Server Solutions without Hyper-V
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2099657926.0000000001A8A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2194242592.0000000001553000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2194242592.0000000001594000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (full)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 8.1 Server Enterprise without Hyper-V (core)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 10 Server Standard without Hyper-V (core)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (core)
                  Source: RageMP131.exe, 0000000D.00000003.1868798904.0000000001A9C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 7Windows 2012 Essential Server Solutions without Hyper-V
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 8 Server Enterprise without Hyper-V (full)
                  Source: Amcache.hve.20.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 2016 Server Enterprise without Hyper-V (core)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 2016 Server Datacenter without Hyper-V (full)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 8.1 Server Datacenter without Hyper-V (full)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: %Windows 2016 Microsoft Hyper-V Server
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (full)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 3Windows 10 Server Enterprise without Hyper-V (core)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 3Windows 11 Server Datacenter without Hyper-V (core)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 7Windows 2016 Essential Server Solutions without Hyper-V
                  Source: MPGPH131.exe, 00000007.00000002.2104214514.00000000017A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91e
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: +Windows 8.1 Server Standard without Hyper-V
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}es=C:\Program Files (x86)ProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windowsee
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 2016 Server Standard without Hyper-V
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 3Windows 10 Server Datacenter without Hyper-V (core)
                  Source: Amcache.hve.20.drBinary or memory string: VMware20,1
                  Source: Amcache.hve.20.drBinary or memory string: Microsoft Hyper-V Generation Counter
                  Source: Amcache.hve.20.drBinary or memory string: NECVMWar VMware SATA CD00
                  Source: Amcache.hve.20.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 11 Server Enterprise without Hyper-V (core)
                  Source: Amcache.hve.20.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                  Source: Amcache.hve.20.drBinary or memory string: VMware VMCI Bus Device
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 11 Server Datacenter without Hyper-V (core)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (full)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (full)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 2Windows 8 Server Datacenter without Hyper-V (core)
                  Source: RageMP131.exe, 0000000F.00000002.2194242592.0000000001594000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW<A
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 10 Server Enterprise without Hyper-V (core)
                  Source: Amcache.hve.20.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 10 Server Datacenter without Hyper-V (full)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: :Windows 2012 R2 Essential Server Solutions without Hyper-V
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 5Windows 11 Essential Server Solutions without Hyper-V
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 2016 Server Standard without Hyper-V (core)
                  Source: Amcache.hve.20.drBinary or memory string: vmci.syshbin
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 8 Server Standard without Hyper-V (core)
                  Source: Amcache.hve.20.drBinary or memory string: VMware, Inc.
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 5Windows 10 Essential Server Solutions without Hyper-V
                  Source: Amcache.hve.20.drBinary or memory string: VMware20,1hbin@
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (core)
                  Source: RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: xVBoxService.exe
                  Source: Amcache.hve.20.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 2012 Server Datacenter without Hyper-V (core)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 3Windows 10 Server Enterprise without Hyper-V (full)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 8.1 Server Enterprise without Hyper-V (full)
                  Source: Amcache.hve.20.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 8 Server Enterprise without Hyper-V (core)
                  Source: RageMP131.exe, 0000000D.00000002.2099657926.0000000001B68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_2181566Dd":fa'O
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: *Windows 11 Server Standard without Hyper-V
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 2012 R2 Essential Server Solutions without Hyper-V
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: ,Windows 2016 Server Standard without Hyper-V
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 2012 Server Standard without Hyper-V (core)
                  Source: Amcache.hve.20.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 8.1 Server Datacenter without Hyper-V (core)
                  Source: MPGPH131.exe, 00000007.00000002.2104666258.0000000001865000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 8 Server Datacenter without Hyper-V (full)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 2016 Server Datacenter without Hyper-V (core)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 2016 Server Enterprise without Hyper-V (full)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1664914507.00000000018AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}^3
                  Source: RageMP131.exe, 0000000D.00000002.2099657926.0000000001B68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_2181566D
                  Source: RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: VBoxService.exe
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 8.1 Server Standard without Hyper-V
                  Source: Amcache.hve.20.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: *Windows 10 Server Standard without Hyper-V
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 1Windows 11 Server Standard without Hyper-V (core)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 1Windows 10 Server Standard without Hyper-V (core)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 2012 Server Enterprise without Hyper-V (full)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 2012 Server Datacenter without Hyper-V (full)
                  Source: RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: VMWare
                  Source: Amcache.hve.20.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (core)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: Windows 10 Server Enterprise without Hyper-V (full)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 2Windows 8.1 Server Standard without Hyper-V (core)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 2Windows 8 Server Datacenter without Hyper-V (full)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (core)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}J6HEdjEHUub5EtqTQ2dk3wwrCNfruTWZeEqONRrqgXAW0ke6pZXg==_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=*
                  Source: RageMP131.exe, 0000000D.00000002.2099657926.0000000001A2E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: 2Windows 8 Server Enterprise without Hyper-V (full)
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2103118221.0000000000907000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2091075481.0000000000907000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098376243.00000000008C7000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2193200592.00000000008C7000.00000040.00000001.01000000.00000008.sdmpBinary or memory string: #Windows 11 Microsoft Hyper-V Server
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeProcess information queried: ProcessInformation

                  Anti Debugging

                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeThread information set: HideFromDebugger
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeThread information set: HideFromDebugger
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeThread information set: HideFromDebugger
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeThread information set: HideFromDebugger
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeThread information set: HideFromDebugger
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeThread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeThread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeThread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeThread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeThread information set: HideFromDebugger
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeProcess queried: DebugPort
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeProcess queried: DebugPort
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess queried: DebugPort
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess queried: DebugPort
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess queried: DebugPort
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess queried: DebugPort
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeProcess queried: DebugPort
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeProcess queried: DebugPort
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_005B8A54 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_005B8A54
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_0064C630 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,0_2_0064C630
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_00644130 mov eax, dword ptr fs:[00000030h]0_2_00644130
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_00611A60 mov eax, dword ptr fs:[00000030h]0_2_00611A60
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_00824130 mov eax, dword ptr fs:[00000030h]7_2_00824130
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_007F1A60 mov eax, dword ptr fs:[00000030h]7_2_007F1A60
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_00666E20 GetLastError,GetModuleHandleA,GetProcAddress,GetProcessHeap,RtlAllocateHeap,HeapFree,RtlAllocateHeap,HeapFree,0_2_00666E20
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_005B450D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_005B450D
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_005B8A54 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_005B8A54
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_0079450D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_0079450D
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_00798A54 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00798A54

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_0064C630 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,0_2_0064C630
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 7_2_0082C630 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,7_2_0082C630
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,0_2_0065D2B0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: GetLocaleInfoW,0_2_005D31B8
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: EnumSystemLocalesW,0_2_005CB1A3
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_005D32E1
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: GetLocaleInfoW,0_2_005D33E7
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_005D34BD
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: GetLocaleInfoW,0_2_005CB726
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_005D2B48
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: GetLocaleInfoW,0_2_005D2D4D
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: EnumSystemLocalesW,0_2_005D2DF4
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: EnumSystemLocalesW,0_2_005D2E3F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: EnumSystemLocalesW,0_2_005D2EDA
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_005D2F65
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,7_2_0083D2B0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,7_2_007B31B8
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: EnumSystemLocalesW,7_2_007AB1A3
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,7_2_007B32E1
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,7_2_007B33E7
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_007B34BD
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,7_2_007AB726
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,7_2_007B2B48
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,7_2_007B2D4D
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: EnumSystemLocalesW,7_2_007B2DF4
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: EnumSystemLocalesW,7_2_007B2E3F
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: EnumSystemLocalesW,7_2_007B2EDA
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,7_2_007B2F65
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeCode function: 0_2_0065D2B0 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,0_2_0065D2B0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: Amcache.hve.20.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                  Source: Amcache.hve.20.drBinary or memory string: msmpeng.exe
                  Source: Amcache.hve.20.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                  Source: Amcache.hve.20.drBinary or memory string: MsMpEng.exe

                  Stealing of Sensitive Information

                  Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe PID: 796, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: MPGPH131.exe PID: 6788, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: MPGPH131.exe PID: 7212, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RageMP131.exe PID: 8700, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RageMP131.exe PID: 9080, type: MEMORYSTR
                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\_GC5VU0C8TlDHIYOayOodaC.zip, type: DROPPED
                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\6vITM1PSugWZudEYSR57YQU.zip, type: DROPPED
                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\gWpl3DKIKrL9jhWS6lgcZ2J.zip, type: DROPPED
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\ElectronCash\wallets
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1834968833.0000000001946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Jaxx Liberty Extension
                  Source: MPGPH131.exe, 00000007.00000002.2106455749.0000000007650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet1
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum\wallets
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\app-store.json*Y
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsns
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\MultiDoge\multidoge.wallet*
                  Source: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Livec
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\places.sqlite
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_blnieiiffboillknjnepogjhkgnoapac_0.indexeddb.leveldb\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_cjelfplplebdjjenllpjcblmjkfcffne_0.indexeddb.leveldb\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\signons.sqlite
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\formhistory.sqlite
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\signons.sqlite
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\logins.json
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: Yara matchFile source: 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe PID: 796, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: MPGPH131.exe PID: 6788, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: MPGPH131.exe PID: 7212, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RageMP131.exe PID: 8700, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe PID: 796, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: MPGPH131.exe PID: 6788, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: MPGPH131.exe PID: 7212, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RageMP131.exe PID: 8700, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RageMP131.exe PID: 9080, type: MEMORYSTR
                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\_GC5VU0C8TlDHIYOayOodaC.zip, type: DROPPED
                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\6vITM1PSugWZudEYSR57YQU.zip, type: DROPPED
                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\gWpl3DKIKrL9jhWS6lgcZ2J.zip, type: DROPPED
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 11 Process Injection | 3 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 12 Software Packing | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | NTDS | 35 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 241 Security Software Discovery | SSH | Keylogging | 4 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Virtualization/Sandbox Evasion | Cached Domain Credentials | 12 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                  DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Process Injection | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                  Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow1
                  System Owner/User Discovery
                  Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
[Behavior graph (image not reproduced). Behavior Graph ID: 1435791, Sample: SecuriteInfo.com.Win32.PWSX..., Startdate: 03/05/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe | 50% | ReversingLabs | Win32.Trojan.Strictor |
SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe | 58% | Virustotal | | Browse
SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe | 100% | Avira | HEUR/AGEN.1306558 |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | 100% | Avira | HEUR/AGEN.1306558 |
C:\ProgramData\MPGPH131\MPGPH131.exe | 100% | Avira | HEUR/AGEN.1306558 |
C:\ProgramData\MPGPH131\MPGPH131.exe | 50% | ReversingLabs | Win32.Trojan.Strictor |
C:\ProgramData\MPGPH131\MPGPH131.exe | 58% | Virustotal | | Browse
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | 50% | ReversingLabs | Win32.Trojan.Strictor |
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | 58% | Virustotal | | Browse

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label | Link
http://pki-ocsp.symauth.com0 | 0% | URL Reputation | safe |
http://193.233.132.56/cost/lenin.exeXb5?7 | 0% | Avira URL Cloud | safe |
http://147.45.47.102:57893/hera/amadka.exeot | 0% | Avira URL Cloud | safe |
http://147.45.47.102:57893/hera/amadka.exetspX( | 0% | Avira URL Cloud | safe |
http://147.45.47.102:57893/hera/amadka.exe68.0 | 0% | Avira URL Cloud | safe |
http://147.45.47.102:57893/hera/amadka.exe | 100% | Avira URL Cloud | malware |
http://147.45.47.102:57893/hera/amadka.exe68.0x | 0% | Avira URL Cloud | safe |
http://193.233.132.56/cost/go.exe | 0% | Avira URL Cloud | safe |
http://193.233.132.56/cost/go.execeIdser | 0% | Avira URL Cloud | safe |
http://193.233.132.56/cost/lenin.exeUs | 0% | Avira URL Cloud | safe |
http://147.45.47.102:57893/hera/amadka.exeot | 15% | Virustotal | | Browse
http://193.233.132.56/cost/lenin.exeka.exbota | 0% | Avira URL Cloud | safe |
http://147.45.47.102:57893/hera/amadka.exe68.0 | 15% | Virustotal | | Browse
http://193.233.132.56/cost/go.exe | 25% | Virustotal | | Browse
http://193.233.132.56/cost/lenin.exeka.ex; | 0% | Avira URL Cloud | safe |
http://147.45.47.102:57893/hera/amadka.exejaxxwa | 0% | Avira URL Cloud | safe |
http://193.233.132.56/cost/lenin.exe | 0% | Avira URL Cloud | safe |
http://193.233.132.56/cost/lenin.exer | 0% | Avira URL Cloud | safe |
http://147.45.47.102:57893/hera/amadka.exe | 18% | Virustotal | | Browse
http://193.233.132.56/cost/go.exeisepro_bot | 0% | Avira URL Cloud | safe |
http://193.233.132.56/cost/lenin.exe | 26% | Virustotal | | Browse

Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 172.217.4.46 | true | false | | high
ipinfo.io | 34.117.186.192 | true | false | | high
www.google.com | 142.250.72.100 | true | false | | high
db-ip.com | 104.26.5.15 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YOPbGLbp0bEGIjDNZc3MZHlf1E0orMqnosUmz6W763DCXYHXDGytrbaZJcGJLjun_vRC8GiTovYLXb8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high
https://db-ip.com/demo/home.php?s=191.96.227.219 | false | | high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | false | | high
https://ipinfo.io/widget/demo/191.96.227.219 | false | | high
https://www.google.com/async/newtab_promos | false | | high
https://www.google.com/async/ddljson?async=ntp:2 | false | | high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YOPbGLbp0bEGIjA9RjS4dnTf9TMc_WNOZoEqYCGZPMusvyHbkcGkBp0b60YgEyf8aWQGPDnoAkT6yZQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                high
                                                                                                                http://upx.sf.netAmcache.hve.20.drfalse
                                                                                                                  high
                                                                                                                  https://t.me/RiseProSUPPORTRageMP131.exe, 0000000D.00000002.2099657926.0000000001A2E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2194242592.00000000014F7000.00000004.00000020.00020000.00000000.sdmp, _GC5VU0C8TlDHIYOayOodaC.zip.8.dr, 6vITM1PSugWZudEYSR57YQU.zip.13.dr, gWpl3DKIKrL9jhWS6lgcZ2J.zip.0.drfalse
                                                                                                                    high
                                                                                                                    https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1863787047.00000000072D6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1857497356.00000000019AD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1960562962.0000000001896000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1954095590.0000000001B7A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1955332457.0000000001B86000.00000004.00000020.00020000.00000000.sdmp, ofPO1RwvHkuAHistory.0.dr, FAL14YoTdbqiHistory.13.dr, zJuLTaGAiOucHistory.13.dr, i1yIsS8bZnbMHistory.8.dr, 9cOnGTGkShnWHistory.0.dr, 2HnRxWloJpRxHistory.7.drfalse
                                                                                                                      high
                                                                                                                      https://www.ecosia.org/newtab/SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1859408154.00000000072E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1864427567.00000000072EC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1855947799.00000000019AB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1961346965.000000000766A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1944872868.0000000001897000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1953713835.00000000018D0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1959185609.0000000007728000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1955343277.0000000001B8C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1951162142.0000000001B7A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1961588677.00000000074BF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1957623496.0000000001B97000.00000004.00000020.00020000.00000000.sdmp, 0K7_4ZPCGxHpWeb Data.0.dr, v2cU2ORgmdjCWeb Data.13.dr, fPrkUqiJIt7RWeb Data.7.dr, jdYGzsyj2RgAWeb Data.0.dr, 7infWL2dpE0JWeb Data.13.dr, 00Qerm5hMGZOWeb Data.8.dr, 2a4LP_xtRLdaWeb Data.13.dr, zbISjRzl0odeWeb Data.7.dr, UI_98ko8uFErWeb Data.0.drfalse
                                                                                                                        high
                                                                                                                        https://ipinfo.io/Mozilla/5.0SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018C3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2104214514.00000000017C0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000002.2092162134.0000000001AA6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2194242592.0000000001578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brD87fZN3R3jFeplaces.sqlite.13.drfalse
                                                                                                                            high
                                                                                                                            https://db-ip.com:443/demo/home.php?s=191.96.227.219r)RageMP131.exe, 0000000F.00000002.2194242592.00000000014F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://db-ip.com/demo/home.php?s=191.96.227.219QWSecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://ipinfo.io:443/widget/demo/191.96.227.219SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018C3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2104214514.00000000017C0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000002.2092162134.0000000001AA6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2194242592.00000000014F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://ac.ecosia.org/autocomplete?q=SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1859408154.00000000072E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1864427567.00000000072EC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1855947799.00000000019AB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1961346965.000000000766A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1944872868.0000000001897000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1953713835.00000000018D0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1959185609.0000000007728000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1955343277.0000000001B8C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1951162142.0000000001B7A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1961588677.00000000074BF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1957623496.0000000001B97000.00000004.00000020.00020000.00000000.sdmp, 0K7_4ZPCGxHpWeb Data.0.dr, v2cU2ORgmdjCWeb Data.13.dr, fPrkUqiJIt7RWeb Data.7.dr, jdYGzsyj2RgAWeb Data.0.dr, 7infWL2dpE0JWeb Data.13.dr, 00Qerm5hMGZOWeb Data.8.dr, 2a4LP_xtRLdaWeb Data.13.dr, zbISjRzl0odeWeb Data.7.dr, UI_98ko8uFErWeb Data.0.drfalse
                                                                                                                                    high
                                                                                                                                    http://193.233.132.56/cost/lenin.exeka.ex;SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    https://t.me/risepro_botRageMP131.exe, 0000000F.00000002.2194242592.0000000001594000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.8.dr, passwords.txt.0.dr, passwords.txt.13.drfalse
                                                                                                                                      high
                                                                                                                                      https://db-ip.com:443/demo/home.php?s=191.96.227.219PMPGPH131.exe, 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://t.me/risepro_bot7.219HRageMP131.exe, 0000000F.00000002.2194242592.0000000001594000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://t.me/risepro_botAbRageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://ipinfo.io/RageMP131.exe, 0000000F.00000002.2194242592.000000000155F000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2194242592.0000000001594000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000F.00000002.2194242592.0000000001578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://pki-ocsp.symauth.com0SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, RageMP131.exe.0.dr, MPGPH131.exe.0.drfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              http://147.45.47.102:57893/hera/amadka.exejaxxwaRageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              unknown
                                                                                                                                              https://www.maxmind.com/en/locate-my-ip-addressSecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, MPGPH131.exefalse
                                                                                                                                                high
                                                                                                                                                https://db-ip.com/demo/home.php?s=191.96.227.219IuGMPGPH131.exe, 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://193.233.132.56/cost/lenin.exeMPGPH131.exe, 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  • 26%, Virustotal, Browse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  unknown
                                                                                                                                                  http://www.winimage.com/zLibDllSecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000007.00000002.2102864029.0000000000761000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000008.00000002.2090843133.0000000000761000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 0000000D.00000002.2098106504.0000000000721000.00000040.00000001.01000000.00000008.sdmp, RageMP131.exe, 0000000F.00000002.2192978530.0000000000721000.00000040.00000001.01000000.00000008.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://db-ip.com:443/demo/home.php?s=191.96.227.219luMPGPH131.exe, 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://support.mozilla.orgD87fZN3R3jFeplaces.sqlite.13.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://t.me/risepro_botb#DMPGPH131.exe, 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesofPO1RwvHkuAHistory.0.dr, FAL14YoTdbqiHistory.13.dr, zJuLTaGAiOucHistory.13.dr, i1yIsS8bZnbMHistory.8.dr, 9cOnGTGkShnWHistory.0.dr, 2HnRxWloJpRxHistory.7.drfalse
                                                                                                                                                            high
                                                                                                                                                            http://193.233.132.56/cost/lenin.exerSecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://db-ip.com/demo/home.php?s=191.96.227.219yUkMPGPH131.exe, 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1859408154.00000000072E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1864427567.00000000072EC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe, 00000000.00000003.1855947799.00000000019AB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1961346965.000000000766A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1944872868.0000000001897000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1953713835.00000000018D0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1959185609.0000000007728000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1955343277.0000000001B8C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000008.00000003.1951162142.0000000001B7A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1961588677.00000000074BF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000003.1957623496.0000000001B97000.00000004.00000020.00020000.00000000.sdmp, 0K7_4ZPCGxHpWeb Data.0.dr, v2cU2ORgmdjCWeb Data.13.dr, fPrkUqiJIt7RWeb Data.7.dr, jdYGzsyj2RgAWeb Data.0.dr, 7infWL2dpE0JWeb Data.13.dr, 00Qerm5hMGZOWeb Data.8.dr, 2a4LP_xtRLdaWeb Data.13.dr, zbISjRzl0odeWeb Data.7.dr, UI_98ko8uFErWeb Data.0.drfalse
                                                                                                                                                                high
                                                                                                                                                                http://193.233.132.56/cost/go.exeisepro_botMPGPH131.exe, 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                unknown
                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
34.117.186.192 | ipinfo.io | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
142.250.176.196 | unknown | United States | 15169 | GOOGLEUS | false
104.26.5.15 | db-ip.com | United States | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
147.45.47.93 | unknown | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | true
142.250.72.100 | www.google.com | United States | 15169 | GOOGLEUS | false

IP
192.168.2.4
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1435791
Start date and time: 2024-05-03 07:22:05 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 26s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 29
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@44/85@9/7
EGA Information:
• Successful, ratio: 100%
HCA Information:
                                                                                                                                                                • Successful, ratio: 58%
                                                                                                                                                                • Number of executed functions: 50
                                                                                                                                                                • Number of non-executed functions: 0
                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 142.250.72.99, 142.251.35.174, 172.253.122.84, 34.104.35.123, 72.21.81.240, 192.229.211.108, 20.42.65.92, 142.251.40.131, 142.250.65.206
                                                                                                                                                                • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, edgedl.me.gvt1.com, login.live.com, blobcollector.events.data.trafficmanager.net, update.googleapis.com, umwatson.events.data.microsoft.com, clients.l.google.com
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
06:22:57 | Task Scheduler | Run new task: MPGPH131 HR path: C:\ProgramData\MPGPH131\MPGPH131.exe
06:22:57 | Task Scheduler | Run new task: MPGPH131 LG path: C:\ProgramData\MPGPH131\MPGPH131.exe
06:22:59 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
06:23:10 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
07:23:37 | API Interceptor | 4x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                    • 34.117.77.79
                                                                                                                                                                                    4yFaZU8fhT.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                    • 34.117.186.192
                                                                                                                                                                                    CLOUDFLARENETUShttps://mandrillapp.com/track/click/31140489/aazenterprise.com?p=eyJzIjoiNUJvNUhtZmVHb2F5TEhHSWo4U3JuemNCVDJBIiwidiI6MSwicCI6IntcInVcIjozMTE0MDQ4OSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2FhemVudGVycHJpc2UuY29tXFxcL2lucXVpcnkuaHRtbD93aGl0ZT1aR1YyY21sbGJtUjBMbUpsY25SQVpHVnRaUzFuY205MWNDNWpiMjA9XCIsXCJpZFwiOlwiNTQ2NzE3YTVmZjkwNDc2Zjk4NzEyMzQ3MjYwNGUyYThcIixcInVybF9pZHNcIjpbXCI1N2JjZTAyMmU5NDQ5ODNjNzcxODk1ZTUzYThjYmMzZDdhNmZhZmEyXCJdfSJ9Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 104.17.2.184
                                                                                                                                                                                    https://www.canva.com/design/DAGEBBzq9KM/jvjE01qRbaOyWhWyDOHDeg/view?utm_content=DAGEBBzq9KM&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 104.16.103.112
                                                                                                                                                                                    SecuriteInfo.com.Win32.PWSX-gen.23212.6828.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                                                    • 104.26.13.205
                                                                                                                                                                                    http://kprfamilydoctors.com.au//u0000Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 104.21.93.126
                                                                                                                                                                                    SecuriteInfo.com.Trojan.GenericKD.72607091.32716.31681.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                    • 104.21.53.146
                                                                                                                                                                                    http://www.borneomedicalcentre.com/en/wp-content/themes/eightmedi-lite/js/jquery.bxslider.min.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 1.1.1.1
                                                                                                                                                                                    STATEMENT OF ACCOUNT.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                    • 104.26.13.205
                                                                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                    • 172.67.189.159
                                                                                                                                                                                    http://www.paviarealestate.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                    • 104.22.0.204
                                                                                                                                                                                    https://www.bjvpza.cn/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 104.22.39.239
                                                                                                                                                                                    FREE-NET-ASFREEnetEUfile.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                    • 147.45.47.93
                                                                                                                                                                                    vEaFCBsRb7.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                    • 147.45.47.93
                                                                                                                                                                                    oO2wHSVFJM.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                    • 147.45.47.93
                                                                                                                                                                                    hYrJbjnzVc.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                    • 147.45.47.93
                                                                                                                                                                                    KhbShPK91I.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 193.233.132.56
                                                                                                                                                                                    4yFaZU8fhT.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                    • 147.45.47.93
                                                                                                                                                                                    RY5YJaMEWE.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                    • 147.45.47.93
                                                                                                                                                                                    MejqsB9tx9.exeGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                    • 193.233.132.56
                                                                                                                                                                                    OUZXNOqKXg.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                    • 147.45.47.93
                                                                                                                                                                                    0BzQNa8hYd.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                    • 147.45.47.93
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
No context
Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 3197440
Entropy (8bit): 7.973137564039597
Encrypted: false
SSDEEP: 49152:vXXEVscFrenB6teP9akEurndc2IWBvXBcu2C3EOeZFvb0mLnAycFXd/En/8SdE7h:vnEicenY8sburUW5Xb2CM3k1BakSi7k
MD5: 8D6E0FA54DF379D380222A4051AB848C
SHA1: AAF9A4B13C41BEB62D8B40440A37E999C512A33A
SHA-256: BC85F6C9D136388898852A62309EEF10A34B3118FD024281E14E468594C2FF9F
SHA-512: 650CDC9CE136F8DD3A324A92571BE5309C86E25ED40C463FE2FF6161723EB056D50FCB3DC0F5F1941316CE9F411EEA5C67988EBF3B0B3037477E94AF7A7119A6
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: ReversingLabs, Detection: 50%
• Antivirus: Virustotal, Detection: 58%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):26
                                                                                                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                    Entropy (8bit):1.0910222827179215
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:z4lwypzU8Dv0N/yI6E6jjYZrSruBF9zuiFeZ24IO826t:0wwUecN/yXjC9zuiFeY4IO8p
                                                                                                                                                                                    MD5:0975F26C2B655E260F3E50F96BEB8C21
                                                                                                                                                                                    SHA1:04D9A034D090BFD0B1F7028E4B681C96951E85CB
                                                                                                                                                                                    SHA-256:C553AFD442F020B59C2B4872DB8BA8404040C7FAB42A58C60ACFF3F27749E966
                                                                                                                                                                                    SHA-512:2444775E1AE44F14DD64348356CCE5A361937630B5D941BB4244CEA28744CCB475BE9F778EB84F145DFE1CC586E7A35A7DFAE5A4D8FAAD35B6BF2ECE63B89800
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.9.1.8.7.4.1.2.5.9.7.4.7.3.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.9.1.8.7.4.1.3.4.2.5.1.8.5.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.9.2.f.1.c.6.1.-.e.6.7.9.-.4.2.8.4.-.a.d.f.0.-.3.5.6.4.1.2.8.7.d.6.c.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.f.5.2.e.d.c.a.-.8.9.c.8.-.4.b.5.6.-.9.5.3.2.-.b.8.2.e.c.6.0.c.8.a.4.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.M.P.G.P.H.1.3.1...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.C.r.o.s.s.D.e.v.i.c.e.S.e.t.t.i.n.g.s.H.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.8.4.-.0.0.0.1.-.0.0.1.4.-.c.f.5.a.-.2.5.f.5.1.9.9.d.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.e.6.7.a.b.c.f.8.d.6.c.2.5.2.9.7.e.d.9.7.2.3.e.f.1.6.c.3.8.f.3.6.0.0.0.0.0.9.1.0.!.0.0.0.0.a.a.f.9.a.4.b.1.3.c.4.1.b.e.b.6.2.d.8.b.4.0.
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                    Entropy (8bit):1.084061562094046
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:+wUl/pz78DZ07ErhN6E6jjTZrlyLB+EzuiFeZ24IO826t:10F7e67ErhAjNEzuiFeY4IO8p
                                                                                                                                                                                    MD5:8DF1AB5150CDD2CF6A41E3F805C54B94
                                                                                                                                                                                    SHA1:04507B31D031CBAF1A3AB1E0A1A5F181081DE7F8
                                                                                                                                                                                    SHA-256:6BC398211E820F23F87BDE25AFB40BF0BDDA8AEE38FA875FDAF2DBC8CAB302FE
                                                                                                                                                                                    SHA-512:AF949CCEA7CE940EC972EFFCE23D861700E04B8FBDBB3C372EEF681DF79CFA9EDC4AF67A07221704DE270CD6A2BE9F12CE6BF4A1D562E48C9569239CA21667BD
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.9.1.8.7.4.1.2.1.4.9.1.1.5.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.9.1.8.7.4.1.3.1.1.9.4.2.5.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.a.0.e.7.d.6.9.-.f.4.5.8.-.4.8.3.a.-.9.7.8.e.-.d.b.c.1.5.4.2.3.d.2.4.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.6.8.f.b.c.0.d.-.7.3.2.5.-.4.a.c.0.-.b.d.e.1.-.a.6.5.1.a.4.7.0.9.3.8.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.M.P.G.P.H.1.3.1...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.C.r.o.s.s.D.e.v.i.c.e.S.e.t.t.i.n.g.s.H.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.2.c.-.0.0.0.1.-.0.0.1.4.-.d.f.8.0.-.4.e.f.5.1.9.9.d.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.e.6.7.a.b.c.f.8.d.6.c.2.5.2.9.7.e.d.9.7.2.3.e.f.1.6.c.3.8.f.3.6.0.0.0.0.0.9.1.0.!.0.0.0.0.a.a.f.9.a.4.b.1.3.c.4.1.b.e.b.6.2.d.8.b.4.0.
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                    Entropy (8bit):1.0967366128563727
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:ZWVBZ0+0Mpw4jYZrSruBF9zuiFeZ24IO8i:kVP0lMpw4jC9zuiFeY4IO8i
                                                                                                                                                                                    MD5:6C19162A32208492C6C8CB75C5E61D6D
                                                                                                                                                                                    SHA1:9C4B786103ABA88BD4C7AB00429DFD2E9CB1FC87
                                                                                                                                                                                    SHA-256:C6FF3AB35A8CD1DC03185C2D0A88C55E517CD8D45172FEB176C03F5D6D5DEB79
                                                                                                                                                                                    SHA-512:DBEC33C0217EC9A156559E5E0D7D7FD4DADC73863235F91046DACCD509C33215E2AEC94A8D79AD4D8AF9386B990D3568050697E9CD8AB226571967A959A604F8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.9.1.8.7.4.1.2.1.3.8.0.8.1.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.9.1.8.7.4.1.3.1.3.9.5.1.7.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.4.5.c.5.e.1.0.-.8.f.d.e.-.4.2.2.7.-.8.1.f.3.-.8.6.e.9.1.6.1.f.7.c.f.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.e.d.1.d.4.7.e.-.9.e.5.1.-.4.2.7.2.-.a.4.b.3.-.e.5.d.2.b.9.2.6.e.b.c.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.R.a.g.e.M.P.1.3.1...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.C.r.o.s.s.D.e.v.i.c.e.S.e.t.t.i.n.g.s.H.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.2.1.f.c.-.0.0.0.1.-.0.0.1.4.-.8.5.5.4.-.2.a.f.d.1.9.9.d.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.e.6.7.a.b.c.f.8.d.6.c.2.5.2.9.7.e.d.9.7.2.3.e.f.1.6.c.3.8.f.3.6.0.0.0.0.0.9.1.0.!.0.0.0.0.a.a.f.9.a.4.b.1.3.c.4.1.b.e.b.6.2.d.8.b.4.
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                    Entropy (8bit):1.1217388366049412
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:5kGPe9N0PmPljYZrSruVzfzuiFeZ24IO8w:mGW9OPmPljAfzuiFeY4IO8w
                                                                                                                                                                                    MD5:38BFCA56FD9225AF8DB5E3DC0C5AD605
                                                                                                                                                                                    SHA1:1124907654E2C377F45D334935504582CA139028
                                                                                                                                                                                    SHA-256:F7F0523082C895B53C17AFDC3C6B7FE5E931BB42296BFC624823A7CE1940F3FA
                                                                                                                                                                                    SHA-512:245BC16E083E8F0BADB6DED196E058A2E9239966AC0F029192A403AEA0157D9F540D238A983003102B38FCD26BFD790C1C6BC016277C9C9416E1B64ECF059D1D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.9.1.8.7.3.9.9.9.6.7.9.1.1.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.9.1.8.7.4.0.4.6.4.6.7.0.9.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.a.1.e.a.9.6.7.-.f.e.f.8.-.4.5.d.7.-.a.9.4.d.-.4.3.8.1.1.e.9.0.4.7.c.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.9.0.3.9.2.3.c.-.3.5.b.6.-.4.9.0.b.-.b.a.f.3.-.8.8.6.1.d.6.d.8.e.5.d.9.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...W.i.n.3.2...P.W.S.X.-.g.e.n...1.1.7.3.9...1.6.9.8.0...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.C.r.o.s.s.D.e.v.i.c.e.S.e.t.t.i.n.g.s.H.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.3.1.c.-.0.0.0.1.-.0.0.1.4.-.6.7.f.8.-.d.e.f.1.1.9.9.d.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.e.6.7.a.b.c.f.8.d.6.c.2.5.2.9.7.e.d.9.7.2.3.e.f.1.6.c.3.8.f.3.6.
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:Mini DuMP crash report, 15 streams, Fri May 3 05:23:20 2024, 0x1205a4 type
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):117480
                                                                                                                                                                                    Entropy (8bit):1.9637804133964445
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:Vomepqk+ue6NWWWWlTl5nzU1Zk+0Kuck4YlgFytRUxiVD8h0eWArRGrChVNP4Edq:gp4ue6vzn5FmbluUwE/JQ
                                                                                                                                                                                    MD5:41A2A972CCDF3E7F777E23DC085A0403
                                                                                                                                                                                    SHA1:34C7B760016CED6A3B7B3ECC12E5179EACEFB152
                                                                                                                                                                                    SHA-256:409BB60ED8CEAE3CBED36B60BE0F3D0AE35D330A48DA321FA226F649D9F2BC6D
                                                                                                                                                                                    SHA-512:9450FA4F8F77B0747F731ACBAE8E02131E58229FFF63DD0FAF48179ADFAEF9A551DE427D9408780C99517AED9DF089994524EC33874F7B002600B26A61043441
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                    Category:modified
                                                                                                                                                                                    Size (bytes):8528
                                                                                                                                                                                    Entropy (8bit):3.7097590257645754
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:R6l7wVeJln6DD6Y9ySUMg1ctgmf9JJA4prN89bGssfXim:R6lXJ16H6YoSUM7tgmf9JJQG/fj
                                                                                                                                                                                    MD5:B9AB93AC0E405FBE001775AA302BDA2D
                                                                                                                                                                                    SHA1:8A0BD87125347A77FA44A2BB525858596A6980C8
                                                                                                                                                                                    SHA-256:D9E01B1160437FA92D8475D37252BA309D6230DFBCECC5653625AFB14E10FD95
                                                                                                                                                                                    SHA-512:3E192B4B5C9102BC0709D08E84B396F2B606226279733308A43B47E8C0EFD42775B27173940E9A8D20A2E4A86CA2988960F051ACC4E58998BE30F407E29A192E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.9.6.<./.P.i.d.
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4888
                                                                                                                                                                                    Entropy (8bit):4.600488072825972
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:cvIwWl8zsyJg77aI9J2WpW8VYmPYm8M4JEAwAwNiFF+q81A+vuDisAzblAzofd:uIjfAI7fX7V2JCqI0i1bEmd
                                                                                                                                                                                    MD5:43CFBE280CC8217F17A2E151C5B5E169
                                                                                                                                                                                    SHA1:843FC127E9BDB486668B75B89C25B99ED9B59B06
                                                                                                                                                                                    SHA-256:09B71F1F66403D89049CFA7AE84773F2D54865E7E6F418C1B799CA78A6F28EBB
                                                                                                                                                                                    SHA-512:5ACA279899B171A8E130CE381EE9E64A9024099252A58BFCA56D84567E10EDE4FFA994A064817F39DAE817131E126813C8298DDCB9D6A2B99C7A5B04A4DB0538
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="306506" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:Mini DuMP crash report, 15 streams, Fri May 3 05:23:32 2024, 0x1205a4 type
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):121228
                                                                                                                                                                                    Entropy (8bit):1.9159956001009852
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:Aah0dacVBTFue6o/kngAl8iwfT/THqKsYOlHLYRMgIm+nuPv0/F7K7:RK7ue6kqfwruYIHbp9M0/m
                                                                                                                                                                                    MD5:09B5B1D4C20DB23E3E6A290D4A931B64
                                                                                                                                                                                    SHA1:418451C06552E7C53CB84A00F2B9B1DA592617F6
                                                                                                                                                                                    SHA-256:42523A9B389DBFDA417F2929AE5F0EF7FF0107D87AF35A5EE3D6313FF46537FF
                                                                                                                                                                                    SHA-512:AC126ACA0C76B6B3D07BE1F0793A03B45549C2C2C1C33A7D43BE5F6E8CD35B0C12059BD76C88915DCEBD40C87C25937509DF9AAF6541985BA29C999A76A531DD
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:Mini DuMP crash report, 15 streams, Fri May 3 05:23:32 2024, 0x1205a4 type
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):128442
                                                                                                                                                                                    Entropy (8bit):1.8551917056790512
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:w8KDNAmYwSe6/r9bltDvrNYp7+LKZwvLcqybag2Oe4DBeQ+e7rWkVZPX:vcem/Se6/JblVve6T0RgHkz/
                                                                                                                                                                                    MD5:4FE30D265AC750ECCFB5099D1D6674C2
                                                                                                                                                                                    SHA1:15883B80315FD09A69C7D5D4039D20623D122BD3
                                                                                                                                                                                    SHA-256:2D7D5410DD1C7AB2F29FF70BF852A28454761063AC5BF19EA6A1DC732CC7769D
                                                                                                                                                                                    SHA-512:F05F4D33ACD7E1BE43A7F8A851B416077347846D9397380947A8AF652E75E6250F0827C0E83DBD4D29D6B7A8E171E1C9FDB82CD5E65EF8BC4BEE132838AC538C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:Mini DuMP crash report, 15 streams, Fri May 3 05:23:32 2024, 0x1205a4 type
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):129974
                                                                                                                                                                                    Entropy (8bit):1.8403927437679877
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:GOTvq0omm6atue6z7PXaCg7dHXBkFOL9eWI4HNtAcDfIpszZuEwf:HTiBmGtue6PC7ZXBkFO4OvBksM
                                                                                                                                                                                    MD5:5983ADEE814E3D822765BF0022A3C72E
                                                                                                                                                                                    SHA1:6F6B8EF17D5D1F9A3EAFEB482119AA7E9BC42CD9
                                                                                                                                                                                    SHA-256:F86C3BFA866F2956319FFD9EF6E8E5D0586EA7CCA3CA550FA9FFD38CDAB4CA2E
                                                                                                                                                                                    SHA-512:20487ECC65C0A2232611ADE028EE122BAD4D5FE4AFC0152048EAE21AC946184D21E40E846C38AF79E48952173D409B6661EE029A9768051B4A2F85EFC19EE0A2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):8396
                                                                                                                                                                                    Entropy (8bit):3.706245061405053
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:R6l7wVeJS0S60G96Y9JSUyMcMgmfdJJDprQ89bFhsf33m:R6lXJSp6z6YTSUydMgmfdJJDFafm
                                                                                                                                                                                    MD5:29E3F31BB67DA26F9D37D4E09C774379
                                                                                                                                                                                    SHA1:C9CB8629441BFD5591F71D20A09AC4EA4B66579A
                                                                                                                                                                                    SHA-256:F7EFF1DDC19471C466A583EBC9F93A09B0029FC25A21DEB5F3A9BD95A8BFAB16
                                                                                                                                                                                    SHA-512:70264D98A3B6BBFC34F226C79938724A0D2ACA73D693C0DAE156FCAAE1C0BB9B6B9C7C5D5297B9178AD65E21A5E29C28D5AF6DB9694D189286C46CC133811175
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.8.7.0.0.<./.P.i.
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):6370
                                                                                                                                                                                    Entropy (8bit):3.732558420223259
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:R6l7wVeJ/ub6pUfYiBJJHcprT89bFDsfc3m:R6lXJS6QY6JJH9FofR
                                                                                                                                                                                    MD5:69CA03598D72B6573AB257FDC6D5E10D
                                                                                                                                                                                    SHA1:DF1C9518D39A707FC6E720711DF0BCC2F38141B1
                                                                                                                                                                                    SHA-256:C714FA770F2A764FCF469DFD25D8D3887FC6CD9F21ACC8D7F3B99BACCD7AD6A8
                                                                                                                                                                                    SHA-512:A61A4C1C56A4667D19B61FD5EE5D93D3D25E1F38017B3B33D1C35225BAEE2BD81D81D7B3B9EA21FA23C01F9527B2FA8FE449D06E9130C21CE6BCD6276E3F1DC8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.2.1.2.<./.P.i.
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4713
                                                                                                                                                                                    Entropy (8bit):4.523855432448344
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:cvIwWl8zsyJg77aI9J2WpW8VYgYm8M4J8tiFQqu+q8svUubtpfd:uIjfAI7fX7VQJgquwubtNd
                                                                                                                                                                                    MD5:A735705F10EFF1487D421D56D7C45444
                                                                                                                                                                                    SHA1:4DD7C41B6BC98696DB7604BDD6FDF791F465D5C8
                                                                                                                                                                                    SHA-256:86397FCA18F4A7DBF4D9E8785131CCE6092ECB678CF782CAB4237805D5F20BAE
                                                                                                                                                                                    SHA-512:A70CE828882235F9DE834FDAFC88E9DB7530B415993D1585A7E49D6A18C639FC3B75D8C5ADA98F8AA9B148E92C60D12485F6929FEFDAB9B62DFBD76882670C95
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="306506" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4718
                                                                                                                                                                                    Entropy (8bit):4.517175047626757
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:cvIwWl8zsyJg77aI9J2WpW8VYHYm8M4JqfFC+q8dONobJEfd:uIjfAI7fX7VzJ7lobJid
                                                                                                                                                                                    MD5:F488D00C83474DE13A72DC5EB98E9DCC
                                                                                                                                                                                    SHA1:2B230F28CACFB06F99802DA2E7B8F98847A0AB97
                                                                                                                                                                                    SHA-256:C9C69C9E9A95DD8DA104337C6DA9A7CBC630CFEC4A2BC295FDE4F8DC496F4DD9
                                                                                                                                                                                    SHA-512:294CE9EA272FE5DC9AA54BA19F208C2386098991B6E856FC8E0AA415EB836D8D5CAE1FA41FEB037A4A8AE616006E58EF998CEF5E357053FDD6BA4F0297B003AB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="306506" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):6370
                                                                                                                                                                                    Entropy (8bit):3.7353540809696306
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:RSIU6o7wVetbPIuf6AddPoYiLGQXJJ+7PgaM4Uv89bhq9sfwbom:R6l7wVeJQuf6FYi3JJzprv89b89sfw0m
                                                                                                                                                                                    MD5:9D861F85B07F2AE44A33CAB93AAFC99E
                                                                                                                                                                                    SHA1:9D4F85AAC57C14360AD6C39D14B4D0DBE7775271
                                                                                                                                                                                    SHA-256:4FA8A2DD9A5FBEA66CBC94D2753ED1E68C9306D51F4B6497CAEBB1934E068FED
                                                                                                                                                                                    SHA-512:E195AA774B708FCDBDBD89E1BFC764F7560B54F35E6C16418A6F279DCC70ED1051E0ADAD4DA5D21C0962F35AD37ABC91FBB83FD943A290C7EC6FE015F2985B9E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.7.8.8.<./.P.i.
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4713
                                                                                                                                                                                    Entropy (8bit):4.5261125265506825
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:cvIwWl8zsyJg77aI9J2WpW8VYyYm8M4J88zFDT+q8ZYQubtwfd:uIjfAI7fX7VeJfZTqBubt+d
                                                                                                                                                                                    MD5:B13F517A9C96D46ABD90EA912E9A2ED1
                                                                                                                                                                                    SHA1:EEF56406F4202B2D702A16C72A356C261508D466
                                                                                                                                                                                    SHA-256:807AB1ED098AF42A9F11B7B76FA68C152B7644CAD748D3D460B2C443D5DF19BE
                                                                                                                                                                                    SHA-512:D8C234CD2F66544024E604FC2E66065B54738316F9A2FF41B9F4534B9958D1CA613B56B56708BEC144AF24547A43D3F416841CE751A110BE383BBDE3692AF823
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="306506" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):3197440
                                                                                                                                                                                    Entropy (8bit):7.973137564039597
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:vXXEVscFrenB6teP9akEurndc2IWBvXBcu2C3EOeZFvb0mLnAycFXd/En/8SdE7h:vnEicenY8sburUW5Xb2CM3k1BakSi7k
                                                                                                                                                                                    MD5:8D6E0FA54DF379D380222A4051AB848C
                                                                                                                                                                                    SHA1:AAF9A4B13C41BEB62D8B40440A37E999C512A33A
                                                                                                                                                                                    SHA-256:BC85F6C9D136388898852A62309EEF10A34B3118FD024281E14E468594C2FF9F
                                                                                                                                                                                    SHA-512:650CDC9CE136F8DD3A324A92571BE5309C86E25ED40C463FE2FF6161723EB056D50FCB3DC0F5F1941316CE9F411EEA5C67988EBF3B0B3037477E94AF7A7119A6
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 58%, Browse
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):26
                                                                                                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                    Category:modified
                                                                                                                                                                                    Size (bytes):5626
                                                                                                                                                                                    Entropy (8bit):7.902390321107444
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:RWGzqeAoMq+YK0KF8cAJiI2i+ux0eW9K0Z0WaJCycHyBBRGQdi+3KJB:VqASpF8wFLeiVKWaCyc6y+6JB
                                                                                                                                                                                    MD5:12C1998EE283605E3EB36D6AB5A8EBF7
                                                                                                                                                                                    SHA1:045FE33B49F8A1487DCB3BA08DFA6BFD331B18B8
                                                                                                                                                                                    SHA-256:3CD87E3B2932A09C7E99FED995D903B8E15410BAB8B2624AE44D0FFDFD7651EF
                                                                                                                                                                                    SHA-512:C204CE548C1C0C6035C4ABA31801BB1442A64A53702468179E367EA240758BF6BEA9A8E2859F3E635B5FEE09862D4EAA9B0480223F2B65D4E9ADF80D4298FAEB
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\6vITM1PSugWZudEYSR57YQU.zip, Author: Joe Security
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                    Category:modified
                                                                                                                                                                                    Size (bytes):5699
                                                                                                                                                                                    Entropy (8bit):7.896473259567238
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:DUT29vHz9WQBavDziBP1Pe4McobRHSI+cKGOujkbfxKaWmvDmsP833KJQ:DUT29Hz9WGFh1Pe4q46Kf9bfxhW+mQOJ
                                                                                                                                                                                    MD5:4BDB2E0A00C655BC40D5EBAF6E15CEEC
                                                                                                                                                                                    SHA1:1DD9AAF826D636A137A75ACE8A00F672231D62CB
                                                                                                                                                                                    SHA-256:ABEF540C4EBF9917309375049424CAC827F0F6580D0736140ED15E61DF2042B9
                                                                                                                                                                                    SHA-512:AA393FA107AF89AFA932B4495BECDA512B9E241E7EE0CF2698AC5CDA14D624A5232A240D3F264F602241ED3F143DC5BC4B6FE9F38FC29C880FED47A40E9B0DC4
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\_GC5VU0C8TlDHIYOayOodaC.zip, Author: Joe Security
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                    Category:modified
                                                                                                                                                                                    Size (bytes):5603
                                                                                                                                                                                    Entropy (8bit):7.904707576211243
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:wH8WGzqeAoMq+YK0KF8cAJiI2i+uWS+yFzjt7R6Dfg3OG3KJ5RzOt:tqASpF8wFfi596+H6Jc
                                                                                                                                                                                    MD5:46C5A1C49BACF8CD0FEA2C0E29BA7D5F
                                                                                                                                                                                    SHA1:B9BA284F5189CA8959F2B3F05F01A772B5830FC2
                                                                                                                                                                                    SHA-256:10A23D71EF01C1C3152E25D04ABA9E3DC71A3420AF3DA035306AEDFC573A0483
                                                                                                                                                                                    SHA-512:A9F85B83D99FEBF3204A5B65E36EF829B923F8CD3AA53790444F1857C1F79E5797ED2A4F7B97CF26551515AC8AFFD7C95BE76485F6C71D770CCC9960F4E1CFD2
                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\gWpl3DKIKrL9jhWS6lgcZ2J.zip, Author: Joe Security
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):13
                                                                                                                                                                                    Entropy (8bit):2.449311833026446
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:LvFXTpn:pNn
                                                                                                                                                                                    MD5:2B2077B2928022F38886DB0FC7600EFE
                                                                                                                                                                                    SHA1:0B2DCB324949CDDD2DF615EAB9D3DB6FD39256D6
                                                                                                                                                                                    SHA-256:97B3620EC799D4357AC43FAD062974CD021F21BF8EF5B3EE13E023BD4223D48A
                                                                                                                                                                                    SHA-512:18BAE014F93378A7D6364F8DAB11370E043DA07C8369E5711100084EB3FF88841A1B2A0E5176CF4018AD45E80AFE76F92308189611DE172E9BD152227622D109
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:1714720260712
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):106496
                                                                                                                                                                                    Entropy (8bit):1.1358696453229276
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):98304
                                                                                                                                                                                    Entropy (8bit):0.08235737944063153
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):159744
                                                                                                                                                                                    Entropy (8bit):0.7873599747470391
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                    MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                    SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                    SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                    SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5242880
                                                                                                                                                                                    Entropy (8bit):0.037963276276857943
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                                    MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                                    SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                                    SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                                    SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):28672
                                                                                                                                                                                    Entropy (8bit):2.5793180405395284
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                                    MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                                    SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                                    SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                                    SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):114688
                                                                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5242880
                                                                                                                                                                                    Entropy (8bit):0.037963276276857943
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                                    MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                                    SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                                    SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                                    SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):126976
                                                                                                                                                                                    Entropy (8bit):0.47147045728725767
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                    MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                    SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                    SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                    SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):114688
                                                                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):126976
                                                                                                                                                                                    Entropy (8bit):0.47147045728725767
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                    MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                    SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                    SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                    SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                    Entropy (8bit):0.8553638852307782
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):106496
                                                                                                                                                                                    Entropy (8bit):1.1358696453229276
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):159744
                                                                                                                                                                                    Entropy (8bit):0.7873599747470391
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                    MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                    SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                    SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                    SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):49152
                                                                                                                                                                                    Entropy (8bit):0.8180424350137764
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                    Entropy (8bit):0.8553638852307782
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):114688
                                                                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):106496
                                                                                                                                                                                    Entropy (8bit):1.1358696453229276
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):98304
                                                                                                                                                                                    Entropy (8bit):0.08235737944063153
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):106496
                                                                                                                                                                                    Entropy (8bit):1.1358696453229276
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):126976
                                                                                                                                                                                    Entropy (8bit):0.47147045728725767
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                    MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                    SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                    SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                    SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5242880
                                                                                                                                                                                    Entropy (8bit):0.037963276276857943
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                                    MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                                    SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                                    SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                                    SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                    Entropy (8bit):0.8553638852307782
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):159744
                                                                                                                                                                                    Entropy (8bit):0.7873599747470391
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                    MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                    SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                    SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                    SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5242880
                                                                                                                                                                                    Entropy (8bit):0.037963276276857943
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                                    MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                                    SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                                    SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                                    SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):49152
                                                                                                                                                                                    Entropy (8bit):0.8180424350137764
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):114688
                                                                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                    Entropy (8bit):0.8553638852307782
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):126976
                                                                                                                                                                                    Entropy (8bit):0.47147045728725767
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):106496
                                                                                                                                                                                    Entropy (8bit):1.1358696453229276
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):28672
                                                                                                                                                                                    Entropy (8bit):2.5793180405395284
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):159744
                                                                                                                                                                                    Entropy (8bit):0.7873599747470391
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                    MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                    SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                    SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                    SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):98304
                                                                                                                                                                                    Entropy (8bit):0.08235737944063153
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):106496
                                                                                                                                                                                    Entropy (8bit):1.1358696453229276
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5242880
                                                                                                                                                                                    Entropy (8bit):0.037963276276857943
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                                    MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                                    SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                                    SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                                    SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):114688
                                                                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):106496
                                                                                                                                                                                    Entropy (8bit):1.1358696453229276
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):28672
                                                                                                                                                                                    Entropy (8bit):2.5793180405395284
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                                    MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                                    SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                                    SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                                    SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5242880
                                                                                                                                                                                    Entropy (8bit):0.037963276276857943
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                                    MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                                    SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                                    SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                                    SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):159744
                                                                                                                                                                                    Entropy (8bit):0.7873599747470391
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                    MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                    SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                    SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                    SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                    Entropy (8bit):0.8553638852307782
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):126976
                                                                                                                                                                                    Entropy (8bit):0.47147045728725767
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                    MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                    SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                    SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                    SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):49152
                                                                                                                                                                                    Entropy (8bit):0.8180424350137764
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                    Entropy (8bit):0.8553638852307782
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):114688
                                                                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):114688
                                                                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):106496
                                                                                                                                                                                    Entropy (8bit):1.1358696453229276
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):159744
                                                                                                                                                                                    Entropy (8bit):0.7873599747470391
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                    MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                    SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                    SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                    SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):126976
                                                                                                                                                                                    Entropy (8bit):0.47147045728725767
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                    MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                    SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                    SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                    SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:ASCII text, with very long lines (769), with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):12170
                                                                                                                                                                                    Entropy (8bit):6.038274200863744
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:gWFXZQHRFJ5Pts7c3avC126Ygb6Lr/WhHGYUnOTNC5IcXkWFXZQHRFJ5Pts7c3aP:gwsPbtKvCpqq40wsPbtKvCpqq47
                                                                                                                                                                                    MD5:B6F52D24FC4333CE4C66DDA3C3735C85
                                                                                                                                                                                    SHA1:5B69F1D66E95EFE2CF1710E9F58526B2AAEC67E4
                                                                                                                                                                                    SHA-256:0FEE1A764F541EC6733DB89C823296650F6E581CD7D812D5A142B5A0AD9BC9B6
                                                                                                                                                                                    SHA-512:CD2C6D64083061D7C7A7E89CF9C9F7D2B66301C73CFB56D2CCD94D1B810DE42774DAE5B77DB2E567A26FC54989C04D8A60D76225E6F3F91FCD2AE4D2E01F3C4C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:.google.com.TRUE./.TRUE.1712145003.NID.ENC893*_djEw3+k+F2A/rK1XOX2BXUq6pY2LBCOzoXODiJnrrvDbDsPWiYwKZowg9PxHqkTm37HpwC52rXpnuUFrQMpV3iKtdSHegOm+XguZZ6tGaCY2hGVyR8JgIqQma1WLXyhCiWqjou7/c3qSeaKyNoUKHa4TULX4ZnNNtXFoCuZcBAAy4tYcz+0BF4j/0Pg+MgV+s7367kYcjO4q3zwc+XorjSs7PlgWlYrcc55rCJplhJ+H13M00HIdLm+1t9PACck2xxSWX2DsA61sEDJCHEc=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=*..support.microsoft.com.FALSE./.TRUE.1696413835..AspNetCore.AuthProvider.ENC893*_djEwVWJCCNyFkY3ZM/58ZZ/F/bz9H1yPvi6FOaroXC+KU8E=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=*..support.microsoft.com.TRUE./signin-oidc.TRUE.1696414135..AspNetCore.Correlation.mdRqPJxLbpyv7vX0eK9YkTR-xwcrW3VBLE4Y3HEvxuU.ENC893*_djEwBAKLrkJs5PZ6BD7Beoa9N/bOSh5JtRch10gZT+E=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=*..support.microsoft.com.TRUE./signin-oidc.TRUE.1696414135..AspNetCore.OpenIdConnect.Nonce.CfDJ8Kiuy_B5JgFMo7PeP95NLhqwcJ8koDy5pXkfoWsb5SbbU2hVCbsH2qt9GF_OVCqFkLEwhvzeADNQOF5RSmkDfh5RqfqlOkx5QWo4Lltvwb0CvwBFD8ujlm3BAglOeGca3ZatkLMUkH
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5666
                                                                                                                                                                                    Entropy (8bit):5.281262115084655
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:xm2GxRRoCcT4Aisph+9hcmInv50WkvEzSvjANUbg3x:xSDCCvAtphWhcmIv5IY7B
                                                                                                                                                                                    MD5:7DB2402732B7AAF7A00F86F6684B0E02
                                                                                                                                                                                    SHA1:D5A96A6DCAD5BA51A78B5A68FA7046E01FB91716
                                                                                                                                                                                    SHA-256:E5C96D2E88DDA7173B1A44C02470688C999227B0D845E500F388FCAA1648067E
                                                                                                                                                                                    SHA-512:FADB20E25AF4A69AE94146E26B07EA455BD53EC138B6612166F2BCF6B241D0E0C692F8A4E904109FB7858AC3924990B5A7879A8B1A04B89E1E807D632E9FF4D0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:Build: dilda..Version: 1.9....Date: Fri May 3 07:23:28 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: 870554ee6dfe065d5ee5bde314dc5f7f....Path: C:\ProgramData\MPGPH131\MPGPH131.exe..Work Dir: C:\Users\user\AppData\Local\Temp\trixy0OWCnipDVXAW....IP: 191.96.227.219..Location: US, New York..ZIP (Autofills): -..Windows: Windows 10 Pro [x64]..Computer Name: 936905 [WORKGROUP]..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 3/5/2024 7:23:28..TimeZone: UTC1....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [324]..csrss.exe [408]..wininit.exe [484]..csrss.exe [492]..winlogon.exe [552]..services.exe [620]..lsass.exe [628]..svchost.exe [752]..fontdrvhost.exe [776]..fontdrvhost.exe [784
                                                                                                                                                                                    Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4897
                                                                                                                                                                                    Entropy (8bit):2.518316437186352
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
                                                                                                                                                                                    MD5:B3E9D0E1B8207AA74CB8812BAAF52EAE
                                                                                                                                                                                    SHA1:A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
                                                                                                                                                                                    SHA-256:4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
                                                                                                                                                                                    SHA-512:B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:ASCII text, with very long lines (769), with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):6085
                                                                                                                                                                                    Entropy (8bit):6.038274200863744
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:gxsumX/xKO2KbcRfbZJ5Jxjxcx1xcbza5BC126oxgxA26Fxr/CxbTxqCGYURxOeb:gWFXZQHRFJ5Pts7c3avC126Ygb6Lr/WY
                                                                                                                                                                                    MD5:ACB5AD34236C58F9F7D219FB628E3B58
                                                                                                                                                                                    SHA1:02E39404CA22F1368C46A7B8398F5F6001DB8F5C
                                                                                                                                                                                    SHA-256:05E5013B848C2E619226F9E7A084DC7DCD1B3D68EE45108F552DB113D21B49D1
                                                                                                                                                                                    SHA-512:5895F39765BA3CEDFD47D57203FD7E716347CD79277EDDCDC83A729A86E2E59F03F0E7B6B0D0E7C7A383755001EDACC82171052BE801E015E6BF7E6B9595767F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5645
                                                                                                                                                                                    Entropy (8bit):5.274062728056437
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:xmSgRRoGcT4Aisph+9hcmInvuS0WkvEzSvtANUbg3x:xGCGvAtphWhcmIvuSIYrB
                                                                                                                                                                                    MD5:BBA994068534B4A4FEA06D85E118B89A
                                                                                                                                                                                    SHA1:CC5349EFBC06FB42D5BCE08CFA4F04BA64708A55
                                                                                                                                                                                    SHA-256:6B241CF1D03ED6A35E3EB575F1CA71BEF45B8C2151C3A07BB7F68E307A71CBDD
                                                                                                                                                                                    SHA-512:CE2CF582CD1AB2B3D1B16FDD26A5274E59EEAFF2302C17AA7E5235D263CDBA8502D9D751B21E50EA3671D8D96EB371203CB406F28EB17A9243978A03BE6290A4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:Build: dilda..Version: 1.9....Date: Fri May 3 07:23:15 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: 870554ee6dfe065d5ee5bde314dc5f7f....Path: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe..Work Dir: C:\Users\user\AppData\Local\Temp\trixyUfhewXukFAeX....IP: 191.96.227.219..Location: US, New York..ZIP (Autofills): -..Windows: Windows 10 Pro [x64]..Computer Name: 936905 [WORKGROUP]..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 3/5/2024 7:23:15..TimeZone: UTC1....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [324]..csrss.exe [408]..wininit.exe [484]..csrss.exe [492]..winlogon.exe [552]..services.exe [620]..lsass.exe [628]..svchost.exe [752]..fontdrvho
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4897
                                                                                                                                                                                    Entropy (8bit):2.518316437186352
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
                                                                                                                                                                                    MD5:B3E9D0E1B8207AA74CB8812BAAF52EAE
                                                                                                                                                                                    SHA1:A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
                                                                                                                                                                                    SHA-256:4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
                                                                                                                                                                                    SHA-512:B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:ASCII text, with very long lines (769), with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):6085
                                                                                                                                                                                    Entropy (8bit):6.038274200863744
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:gxsumX/xKO2KbcRfbZJ5Jxjxcx1xcbza5BC126oxgxA26Fxr/CxbTxqCGYURxOeb:gWFXZQHRFJ5Pts7c3avC126Ygb6Lr/WY
                                                                                                                                                                                    MD5:ACB5AD34236C58F9F7D219FB628E3B58
                                                                                                                                                                                    SHA1:02E39404CA22F1368C46A7B8398F5F6001DB8F5C
                                                                                                                                                                                    SHA-256:05E5013B848C2E619226F9E7A084DC7DCD1B3D68EE45108F552DB113D21B49D1
                                                                                                                                                                                    SHA-512:5895F39765BA3CEDFD47D57203FD7E716347CD79277EDDCDC83A729A86E2E59F03F0E7B6B0D0E7C7A383755001EDACC82171052BE801E015E6BF7E6B9595767F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5687
                                                                                                                                                                                    Entropy (8bit):5.28434430735919
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:xm2lORoCcT4Aisph+9hcmInv50WkvEzSvjANUbg3x:xwCCvAtphWhcmIv5IY7B
                                                                                                                                                                                    MD5:948BA1B8DF1C3F234A9D90A7D72B1D53
                                                                                                                                                                                    SHA1:F084A7C24D6FB7A365A56CD2C3672EECF537905E
                                                                                                                                                                                    SHA-256:9667FB2B9CD41A7BB5660FEB9E29B597C369FEA0270EDF5B01476F6FF46BAE44
                                                                                                                                                                                    SHA-512:831D1FD4239077C336B4F486C841E11BAB849EB8D4B340503BE742185FA870CCCCB7ABEBE96E596880417CF7F27B5EFF35CB2B16A5ADDC11BA1D0B9E3324B5ED
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:Build: dilda..Version: 1.9....Date: Fri May 3 07:23:28 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: 870554ee6dfe065d5ee5bde314dc5f7f....Path: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe..Work Dir: C:\Users\user\AppData\Local\Temp\trixydBSgyOXmoj0v....IP: 191.96.227.219..Location: US, New York City..ZIP (Autofills): -..Windows: Windows 10 Pro [x64]..Computer Name: 936905 [WORKGROUP]..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 3/5/2024 7:23:28..TimeZone: UTC1....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [324]..csrss.exe [408]..wininit.exe [484]..csrss.exe [492]..winlogon.exe [552]..services.exe [620]..lsass.exe [628]..svchost.exe [752]..fontdrvhost.exe [776].
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4897
                                                                                                                                                                                    Entropy (8bit):2.518316437186352
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
                                                                                                                                                                                    MD5:B3E9D0E1B8207AA74CB8812BAAF52EAE
                                                                                                                                                                                    SHA1:A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
                                                                                                                                                                                    SHA-256:4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
                                                                                                                                                                                    SHA-512:B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1835008
                                                                                                                                                                                    Entropy (8bit):4.469436287152591
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:pIXfpi67eLPU9skLmb0b41WSPKaJG8nAgejZMMhA2gX4WABl0uNWdwBCswSbw:aXD941WlLZMM6YFHw+w
                                                                                                                                                                                    MD5:87494BF8A007D2856BEF1DA3AFB00878
                                                                                                                                                                                    SHA1:CE0BC0724DD1F440FB9BE1F701A598FC21E6731B
                                                                                                                                                                                    SHA-256:453D0827223018FE84E2D67709D39A435FD6E485A260728F4583B8762D2338DB
                                                                                                                                                                                    SHA-512:D53F0F81A323ADF7E468AC341533BB1AAD6A21F5DB75F71AFA0B10BA7B44D0B92B10A3615E86F71125BC4956619ECDA051CB4CC2C3789823B2D91311017E12E7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Entropy (8bit):7.973137564039597
                                                                                                                                                                                    TrID:
                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                    File name:SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    File size:3'197'440 bytes
                                                                                                                                                                                    MD5:8d6e0fa54df379d380222a4051ab848c
                                                                                                                                                                                    SHA1:aaf9a4b13c41beb62d8b40440a37e999c512a33a
                                                                                                                                                                                    SHA256:bc85f6c9d136388898852a62309eef10a34b3118fd024281e14e468594c2ff9f
                                                                                                                                                                                    SHA512:650cdc9ce136f8dd3a324a92571be5309c86e25ed40c463fe2ff6161723eb056d50fcb3dc0f5f1941316ce9f411eea5c67988ebf3b0b3037477e94af7a7119a6
                                                                                                                                                                                    SSDEEP:49152:vXXEVscFrenB6teP9akEurndc2IWBvXBcu2C3EOeZFvb0mLnAycFXd/En/8SdE7h:vnEicenY8sburUW5Xb2CM3k1BakSi7k
                                                                                                                                                                                    TLSH:7CE533E2B9378B41D5602A730D2ED27CDA49CDD99B18603365D6BD07BC3E94AAC14E0F
                                                                                                                                                                                    File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......j.....s...s...s.e.p.%.s.e.v...s.e.t./.s..y..*.s..yw.=.s..yp.4.s..yv.u.s.e.w.6.s.e.u./.s.e.r.5.s...r...s..zz.2.s..z../.s...../.s
                                                                                                                                                                                    Icon Hash:4c4d96ec0ce6c600
                                                                                                                                                                                    Entrypoint:0xf5c3b4
                                                                                                                                                                                    Entrypoint Section:.data
                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                    Time Stamp:0x663202DB [Wed May 1 08:52:43 2024 UTC]
                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                    OS Version Major:6
                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                    File Version Major:6
                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                    Subsystem Version Major:6
                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                    Import Hash:272279f18f704f637aa129691266b291
                                                                                                                                                                                    Instruction
                                                                                                                                                                                    jmp 00007FB83086E1EAh
                                                                                                                                                                                    add byte ptr [eax+0Eh], dh
                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                    add byte ptr [eax-18h], ah
                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                    pop ebp
                                                                                                                                                                                    sub ebp, 00000010h
                                                                                                                                                                                    sub ebp, 00B5C3B4h
                                                                                                                                                                                    jmp 00007FB83086E1E9h
                                                                                                                                                                                    fisttp qword ptr [eax+ebx-3C4B4719h]
                                                                                                                                                                                    mov ch, 00h
                                                                                                                                                                                    add eax, ebp
                                                                                                                                                                                    add eax, 0000004Ch
                                                                                                                                                                                    mov ecx, 000005AAh
                                                                                                                                                                                    mov edx, DB06F5B3h
                                                                                                                                                                                    xor byte ptr [eax], dl
                                                                                                                                                                                    inc eax
                                                                                                                                                                                    dec ecx
                                                                                                                                                                                    jne 00007FB83086E1DCh
                                                                                                                                                                                    jmp 00007FB83086E1E9h
                                                                                                                                                                                    in eax, 8Bh
                                                                                                                                                                                    mov esi, 387E3830h
                                                                                                                                                                                    cmp cl, byte ptr [edi+32B3B3B3h]
                                                                                                                                                                                    jc 00007FB83086E22Dh
                                                                                                                                                                                    mov bl, B3h
                                                                                                                                                                                    mov bl, B0h
                                                                                                                                                                                    jle 00007FB83086E1EDh
                                                                                                                                                                                    mov ch, B3h
                                                                                                                                                                                    mov bl, B3h
                                                                                                                                                                                    or dword ptr [ebx+44B3B3B3h], ebx
                                                                                                                                                                                    push ecx
                                                                                                                                                                                    mov al, 7Bh
                                                                                                                                                                                    cmp byte ptr [edx], dh
                                                                                                                                                                                    mov edi, B0B3B3B3h
                                                                                                                                                                                    jbe 00007FB83086E220h
                                                                                                                                                                                    xlatb
                                                                                                                                                                                    xchg eax, edi
                                                                                                                                                                                    dec edi
                                                                                                                                                                                    cmp dh, byte ptr [edi+77DBE397h]
                                                                                                                                                                                    cmp al, 92h
                                                                                                                                                                                    mov bl, DBh
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x93b050 | 0xe1a | .data |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x93be6c | 0x3b0 | .data |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19c000 | 0xafa0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x93b030 | 0x10 | .data |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x93b000 | 0x18 | .data |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| | 0x1000 | 0x159000 | 0x92a00 | c7dfc887323f1dc1927fe5930a5cb4f2 | False | 0.9997618952472294 | data | 7.999628050473961 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x15a000 | 0x28000 | 0x10200 | 22fcfa38c7aa06a109b013fd544976a2 | False | 0.9934290213178295 | data | 7.991031678374504 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x182000 | 0x5000 | 0x800 | ddf4d511939204e83114387be16ec4ca | False | 0.99462890625 | data | 7.818155657101209 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x187000 | 0xb000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x192000 | 0xa000 | 0x6000 | 681616b89d5c5df45d240c0af1f8dfd1 | False | 1.0006510416666667 | data | 7.990686327893471 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x19c000 | 0xb000 | 0xb000 | f55c5215c73a04b580fdee8f27a08ae5 | False | 0.11330344460227272 | data | 2.153423809128472 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| | 0x1a7000 | 0x791000 | 0x32800 | 651c2ff301dd0f5de99da99e6a34d888 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .data | 0x938000 | 0x226000 | 0x225a00 | a78308dd676d0938f41a88312865aae6 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x19c250 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Russian | Russia | 0.1320921985815603 |
| RT_ICON | 0x19c6b8 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1600 | Russian | Russia | 0.10465116279069768 |
| RT_ICON | 0x19cd70 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Russian | Russia | 0.08770491803278689 |
| RT_ICON | 0x19d6f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Russian | Russia | 0.05722326454033771 |
| RT_ICON | 0x19e7a0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Russian | Russia | 0.03475103734439834 |
| RT_ICON | 0x1a0d48 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | Russian | Russia | 0.02509447331128956 |
| RT_ICON | 0x1a4f70 | 0x1aae | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Russian | Russia | 0.39780380673499266 |
| RT_GROUP_ICON | 0x1a6a20 | 0x68 | data | Russian | Russia | 0.7596153846153846 |
| RT_VERSION | 0x1a6a88 | 0x398 | OpenPGP Public Key | Russian | Russia | 0.42282608695652174 |
| RT_MANIFEST | 0x1a6e20 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
| DLL | Import |
|---|---|
| kernel32.dll | GetModuleHandleA, GetProcAddress, ExitProcess, LoadLibraryA |
| user32.dll | MessageBoxA |
| advapi32.dll | RegCloseKey |
| oleaut32.dll | SysFreeString |
| gdi32.dll | CreateFontA |
| shell32.dll | ShellExecuteA |
| version.dll | GetFileVersionInfoA |
| ole32.dll | CoInitialize |
| WS2_32.dll | WSAStartup |
| CRYPT32.dll | CryptUnprotectData |
| SHLWAPI.dll | PathFindExtensionA |
| gdiplus.dll | GdipGetImageEncoders |
| SETUPAPI.dll | SetupDiEnumDeviceInfo |
| ntdll.dll | RtlUnicodeStringToAnsiString |
| RstrtMgr.DLL | RmStartSession |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Russian | Russia | |
| English | United States | |
| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 05/03/24-07:23:28.105870 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49763 | 58709 | 192.168.2.4 | 147.45.47.93 |
| 05/03/24-07:22:59.725168 | TCP | 2046267 | ET TROJAN [ANY.RUN] RisePro TCP (External IP) | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
| 05/03/24-07:22:56.225615 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
| 05/03/24-07:22:59.405493 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
| 05/03/24-07:23:15.979133 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49745 | 58709 | 192.168.2.4 | 147.45.47.93 |
| 05/03/24-07:23:24.180700 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49763 | 147.45.47.93 | 192.168.2.4 |
| 05/03/24-07:23:42.768589 | TCP | 2046267 | ET TROJAN [ANY.RUN] RisePro TCP (External IP) | 58709 | 49763 | 147.45.47.93 | 192.168.2.4 |
| 05/03/24-07:23:27.210544 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49760 | 58709 | 192.168.2.4 | 147.45.47.93 |
| 05/03/24-07:23:16.615218 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49760 | 147.45.47.93 | 192.168.2.4 |
| 05/03/24-07:23:19.547675 | TCP | 2046267 | ET TROJAN [ANY.RUN] RisePro TCP (External IP) | 58709 | 49760 | 147.45.47.93 | 192.168.2.4 |
| 05/03/24-07:22:56.058203 | TCP | 2049060 | ET TROJAN RisePro TCP Heartbeat Packet | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
| 05/03/24-07:23:16.143178 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49744 | 58709 | 192.168.2.4 | 147.45.47.93 |
| 05/03/24-07:23:05.888918 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49745 | 147.45.47.93 | 192.168.2.4 |
| 05/03/24-07:23:05.759701 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49744 | 147.45.47.93 | 192.168.2.4 |
| 05/03/24-07:23:08.989573 | TCP | 2046267 | ET TROJAN [ANY.RUN] RisePro TCP (External IP) | 58709 | 49744 | 147.45.47.93 | 192.168.2.4 |
| 05/03/24-07:23:09.005119 | TCP | 2046267 | ET TROJAN [ANY.RUN] RisePro TCP (External IP) | 58709 | 49745 | 147.45.47.93 | 192.168.2.4 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                                                                                                                    May 3, 2024 07:23:02.519427061 CEST44349737104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.519499063 CEST49737443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:02.519936085 CEST49737443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:02.519943953 CEST44349737104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.519969940 CEST49737443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:02.519974947 CEST44349737104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.520390987 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:02.577033997 CEST49738443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.577058077 CEST44349738142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.577119112 CEST49738443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.577327967 CEST49738443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.577339888 CEST44349738142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.608772039 CEST49739443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.608793020 CEST44349739142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.608854055 CEST49739443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.609102011 CEST49739443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.609112978 CEST44349739142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.697345018 CEST49740443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.697379112 CEST44349740142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.697626114 CEST49740443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.697892904 CEST49740443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.697911024 CEST44349740142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.760811090 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.766319036 CEST44349738142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.767184019 CEST49738443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.767196894 CEST44349738142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.768222094 CEST44349738142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.768281937 CEST49738443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.775315046 CEST49738443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.775374889 CEST44349738142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.775563002 CEST49738443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.775568962 CEST44349738142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.794363976 CEST44349739142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.794641018 CEST49739443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.794653893 CEST44349739142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.795511961 CEST44349739142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.795572996 CEST49739443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.795856953 CEST49739443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.795907974 CEST44349739142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.795985937 CEST49739443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.795991898 CEST44349739142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.829845905 CEST49738443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.882143021 CEST44349740142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.889681101 CEST49740443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.889699936 CEST44349740142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.890553951 CEST44349740142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.890746117 CEST49740443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.890994072 CEST49740443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.891052961 CEST44349740142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.891105890 CEST49740443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.923362017 CEST49739443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.936129093 CEST44349740142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:02.997226954 CEST49740443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:02.997239113 CEST44349740142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.129992962 CEST49740443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.370009899 CEST44349739142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.370124102 CEST44349739142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.370418072 CEST49739443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.371017933 CEST49739443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.371033907 CEST44349739142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.372483969 CEST49741443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.372524977 CEST44349741142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.372756958 CEST49741443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.373020887 CEST49741443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.373034954 CEST44349741142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.376820087 CEST44349740142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.376923084 CEST44349740142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.377006054 CEST49740443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.377615929 CEST49740443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.377633095 CEST44349740142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.379728079 CEST49742443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.379757881 CEST44349742142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.379812002 CEST49742443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.380047083 CEST49742443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.380062103 CEST44349742142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.404033899 CEST44349738142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.404139042 CEST44349738142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.404294968 CEST49738443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.404807091 CEST49738443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.404817104 CEST44349738142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.406325102 CEST49743443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.406353951 CEST44349743142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.406464100 CEST49743443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.406883001 CEST49743443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.406898975 CEST44349743142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.516591072 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.556811094 CEST44349741142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.560367107 CEST49741443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.560399055 CEST44349741142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.560686111 CEST44349741142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.561100960 CEST49741443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.561156034 CEST44349741142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.561407089 CEST49741443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.564721107 CEST44349742142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.564929008 CEST49742443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.564955950 CEST44349742142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.565288067 CEST44349742142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.565800905 CEST49742443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.565865040 CEST44349742142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.565937996 CEST49742443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.590305090 CEST44349743142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.590723038 CEST49743443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.590743065 CEST44349743142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.591605902 CEST44349743142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.591665983 CEST49743443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.591964006 CEST49743443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.592016935 CEST44349743142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.592114925 CEST49743443192.168.2.4142.250.72.100
                                                                                                                                                                                    May 3, 2024 07:23:03.608125925 CEST44349741142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.608125925 CEST44349742142.250.72.100192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:03.610953093 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:11.876866102 CEST49753443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:11.876913071 CEST44349753104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:11.876981974 CEST49753443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:11.877378941 CEST49753443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:11.877397060 CEST44349753104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:11.903794050 CEST4434975023.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:11.903882980 CEST49750443192.168.2.423.51.58.94
                                                                                                                                                                                    May 3, 2024 07:23:11.905428886 CEST49750443192.168.2.423.51.58.94
                                                                                                                                                                                    May 3, 2024 07:23:11.905436039 CEST4434975023.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:11.905638933 CEST4434975023.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:11.944832087 CEST49750443192.168.2.423.51.58.94
                                                                                                                                                                                    May 3, 2024 07:23:11.988133907 CEST4434975023.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.060595036 CEST44349752104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.060745001 CEST49752443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:12.061805010 CEST49752443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:12.061815023 CEST44349752104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.061857939 CEST44349753104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.061918974 CEST49753443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:12.062043905 CEST44349752104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.062783003 CEST49753443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:12.062793016 CEST44349753104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.063019037 CEST44349753104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.063849926 CEST49752443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:12.064826012 CEST49753443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:12.080077887 CEST4434975023.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.080287933 CEST49750443192.168.2.423.51.58.94
                                                                                                                                                                                    May 3, 2024 07:23:12.080306053 CEST4434975023.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.080326080 CEST49750443192.168.2.423.51.58.94
                                                                                                                                                                                    May 3, 2024 07:23:12.080420971 CEST4434975023.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.080451012 CEST4434975023.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.080501080 CEST49750443192.168.2.423.51.58.94
                                                                                                                                                                                    May 3, 2024 07:23:12.104119062 CEST44349752104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.112107038 CEST44349753104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.116609097 CEST49754443192.168.2.423.51.58.94
                                                                                                                                                                                    May 3, 2024 07:23:12.116638899 CEST4434975423.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.116803885 CEST49754443192.168.2.423.51.58.94
                                                                                                                                                                                    May 3, 2024 07:23:12.117019892 CEST49754443192.168.2.423.51.58.94
                                                                                                                                                                                    May 3, 2024 07:23:12.117032051 CEST4434975423.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.261225939 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.261317015 CEST49751443192.168.2.452.165.165.26
                                                                                                                                                                                    May 3, 2024 07:23:12.263030052 CEST49751443192.168.2.452.165.165.26
                                                                                                                                                                                    May 3, 2024 07:23:12.263042927 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.263252974 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.298180103 CEST4434975423.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.298249960 CEST49754443192.168.2.423.51.58.94
                                                                                                                                                                                    May 3, 2024 07:23:12.299696922 CEST49754443192.168.2.423.51.58.94
                                                                                                                                                                                    May 3, 2024 07:23:12.299702883 CEST4434975423.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.299896002 CEST4434975423.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.301059961 CEST49754443192.168.2.423.51.58.94
                                                                                                                                                                                    May 3, 2024 07:23:12.348119020 CEST4434975423.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.374270916 CEST44349752104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.374341011 CEST44349752104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.374383926 CEST49752443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:12.374691963 CEST49752443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:12.374691963 CEST49752443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:12.374712944 CEST44349752104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.374732971 CEST44349752104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.375241995 CEST4974558709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:12.375633001 CEST44349753104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.375710964 CEST44349753104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.375749111 CEST49753443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:12.375957012 CEST49753443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:12.375972986 CEST44349753104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.376512051 CEST4974458709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:12.445234060 CEST49751443192.168.2.452.165.165.26
                                                                                                                                                                                    May 3, 2024 07:23:12.476159096 CEST4434975423.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.508001089 CEST4434975423.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.508089066 CEST49754443192.168.2.423.51.58.94
                                                                                                                                                                                    May 3, 2024 07:23:12.509255886 CEST49754443192.168.2.423.51.58.94
                                                                                                                                                                                    May 3, 2024 07:23:12.509268999 CEST4434975423.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.509322882 CEST49754443192.168.2.423.51.58.94
                                                                                                                                                                                    May 3, 2024 07:23:12.509327888 CEST4434975423.51.58.94192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.604898930 CEST5870949745147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.612004995 CEST49751443192.168.2.452.165.165.26
                                                                                                                                                                                    May 3, 2024 07:23:12.620439053 CEST5870949744147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.635014057 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.656120062 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.750061989 CEST5870949744147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.751589060 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:12.817655087 CEST4974458709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:12.842957973 CEST5870949745147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.873025894 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.873044968 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.873051882 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.873083115 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.873095036 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.873100996 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.873127937 CEST49751443192.168.2.452.165.165.26
                                                                                                                                                                                    May 3, 2024 07:23:12.873145103 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.873167038 CEST49751443192.168.2.452.165.165.26
                                                                                                                                                                                    May 3, 2024 07:23:12.873188972 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.873198986 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.873203039 CEST49751443192.168.2.452.165.165.26
                                                                                                                                                                                    May 3, 2024 07:23:12.873217106 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.873224974 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.873235941 CEST49751443192.168.2.452.165.165.26
                                                                                                                                                                                    May 3, 2024 07:23:12.873254061 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:12.873275995 CEST49751443192.168.2.452.165.165.26
                                                                                                                                                                                    May 3, 2024 07:23:12.873315096 CEST49751443192.168.2.452.165.165.26
                                                                                                                                                                                    May 3, 2024 07:23:12.923841953 CEST4974558709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:13.031199932 CEST5870949744147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:13.033777952 CEST4974458709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:13.151608944 CEST5870949745147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:13.276355982 CEST5870949744147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:15.134536982 CEST49751443192.168.2.452.165.165.26
                                                                                                                                                                                    May 3, 2024 07:23:15.134562016 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:15.134572983 CEST49751443192.168.2.452.165.165.26
                                                                                                                                                                                    May 3, 2024 07:23:15.134579897 CEST4434975152.165.165.26192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:15.979132891 CEST4974558709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:16.143177986 CEST4974458709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:16.214359999 CEST5870949745147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:16.237636089 CEST4976058709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:21.861529112 CEST4976058709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:22.050529957 CEST5870949760147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:22.050549030 CEST5870949760147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:22.050610065 CEST4976058709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:22.050640106 CEST5870949760147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:22.050707102 CEST5870949760147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:22.050748110 CEST4976058709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:22.050800085 CEST5870949760147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:22.050826073 CEST5870949760147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:22.050945997 CEST4976058709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:23.073362112 CEST4976058709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:23.282022953 CEST5870949760147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:23.367535114 CEST4976058709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:23.562827110 CEST5870949760147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:23.644148111 CEST4976058709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:23.803674936 CEST4976358709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:23.992132902 CEST5870949763147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:23.992203951 CEST4976358709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:24.036168098 CEST4976358709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:24.180700064 CEST5870949763147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:24.276482105 CEST5870949763147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:24.351938963 CEST4976358709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:25.274581909 CEST49764443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:25.274616003 CEST4434976440.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:25.274677992 CEST49764443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:25.289361954 CEST49764443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:25.289378881 CEST4434976440.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:25.595165968 CEST4434976440.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:25.595248938 CEST49764443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:25.630496025 CEST49764443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:25.630513906 CEST4434976440.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:25.630701065 CEST4434976440.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:25.632169962 CEST49764443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:25.632194996 CEST49764443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:25.632231951 CEST4434976440.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:26.073733091 CEST4434976440.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:26.073805094 CEST4434976440.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:26.078510046 CEST49764443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:27.210544109 CEST4976058709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:27.448957920 CEST5870949760147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:28.105870008 CEST4976358709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:28.338855982 CEST5870949763147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:28.567133904 CEST49764443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:28.567133904 CEST49764443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:28.567173004 CEST4434976440.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:28.567183971 CEST4434976440.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:28.673420906 CEST49765443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:28.673454046 CEST4434976540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:28.673532963 CEST49765443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:28.674710035 CEST49765443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:28.674731970 CEST4434976540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:28.979863882 CEST4434976540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:28.988982916 CEST49765443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:28.989017963 CEST4434976540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:28.989727974 CEST49765443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:28.989732981 CEST4434976540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:28.989769936 CEST49765443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:28.989779949 CEST4434976540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:28.991728067 CEST4974558709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:28.991784096 CEST4974558709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:28.997143030 CEST4976058709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:28.997410059 CEST4976058709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:29.162081957 CEST4974458709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:29.162143946 CEST4974458709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:29.180583000 CEST5870949745147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:29.180656910 CEST4974558709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:29.185823917 CEST5870949760147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:29.185857058 CEST5870949760147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:29.185869932 CEST4976058709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:29.186103106 CEST5870949760147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:29.351774931 CEST5870949744147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:29.351789951 CEST5870949744147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:29.351805925 CEST5870949744147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:29.351828098 CEST4974458709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:29.417165995 CEST5870949760147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:29.417227983 CEST5870949745147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:29.589386940 CEST5870949744147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:31.321520090 CEST4434976540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:31.321543932 CEST4434976540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:31.321562052 CEST4434976540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:31.321621895 CEST49765443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:31.321643114 CEST4434976540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:31.321656942 CEST49765443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:31.321676016 CEST4434976540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:31.321693897 CEST49765443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:31.321732998 CEST49765443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:31.322208881 CEST49765443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:31.322225094 CEST4434976540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:31.322238922 CEST49765443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:31.322244883 CEST4434976540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:31.375407934 CEST49766443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:31.375432014 CEST4434976640.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:31.375500917 CEST49766443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:31.375660896 CEST49766443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:31.375675917 CEST4434976640.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:31.678248882 CEST4434976640.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:31.678747892 CEST49766443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:31.678772926 CEST4434976640.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:31.679403067 CEST49766443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:31.679409981 CEST4434976640.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:31.679435968 CEST49766443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:31.679445028 CEST4434976640.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:32.110707998 CEST4976058709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:32.126375914 CEST4974558709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:32.282459021 CEST4974458709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:32.299253941 CEST5870949760147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:32.314920902 CEST5870949745147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:32.474096060 CEST5870949744147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:34.953329086 CEST4434976640.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:34.953355074 CEST4434976640.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:34.953387022 CEST4434976640.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:34.953442097 CEST49766443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:38.658652067 CEST4434977540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:38.659024954 CEST49775443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:38.659053087 CEST49775443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:38.659084082 CEST4434977540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:38.886418104 CEST4434977540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:38.886436939 CEST4434977540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:38.886492968 CEST49775443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:38.886493921 CEST4434977540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:38.886528015 CEST4434977540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:38.886558056 CEST49775443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:38.886578083 CEST4434977540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:38.886703014 CEST49775443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:38.886889935 CEST49775443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:38.886909008 CEST4434977540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:38.886919022 CEST49775443192.168.2.440.126.24.82
                                                                                                                                                                                    May 3, 2024 07:23:38.886924982 CEST4434977540.126.24.82192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:42.325088024 CEST5870949760147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:42.325170040 CEST4976058709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:42.534298897 CEST5870949763147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:42.579102039 CEST4976358709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:42.768589020 CEST5870949763147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:42.809210062 CEST4976358709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:42.857285976 CEST49779443192.168.2.434.117.186.192
                                                                                                                                                                                    May 3, 2024 07:23:42.857341051 CEST4434977934.117.186.192192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:42.857536077 CEST49779443192.168.2.434.117.186.192
                                                                                                                                                                                    May 3, 2024 07:23:42.858800888 CEST49779443192.168.2.434.117.186.192
                                                                                                                                                                                    May 3, 2024 07:23:42.858814001 CEST4434977934.117.186.192192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:42.997447968 CEST5870949763147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.050304890 CEST4976358709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:43.114233971 CEST4434977934.117.186.192192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.114326000 CEST49779443192.168.2.434.117.186.192
                                                                                                                                                                                    May 3, 2024 07:23:43.115940094 CEST49779443192.168.2.434.117.186.192
                                                                                                                                                                                    May 3, 2024 07:23:43.115948915 CEST4434977934.117.186.192192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.116188049 CEST4434977934.117.186.192192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.158224106 CEST49779443192.168.2.434.117.186.192
                                                                                                                                                                                    May 3, 2024 07:23:43.167534113 CEST49779443192.168.2.434.117.186.192
                                                                                                                                                                                    May 3, 2024 07:23:43.212124109 CEST4434977934.117.186.192192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.387921095 CEST4434977934.117.186.192192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.388029099 CEST4434977934.117.186.192192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.388107061 CEST49779443192.168.2.434.117.186.192
                                                                                                                                                                                    May 3, 2024 07:23:43.388324022 CEST49779443192.168.2.434.117.186.192
                                                                                                                                                                                    May 3, 2024 07:23:43.388345957 CEST4434977934.117.186.192192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.388356924 CEST49779443192.168.2.434.117.186.192
                                                                                                                                                                                    May 3, 2024 07:23:43.388361931 CEST4434977934.117.186.192192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.390408039 CEST49780443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:43.390433073 CEST44349780104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.390522003 CEST49780443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:43.390888929 CEST49780443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:43.390899897 CEST44349780104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.401726961 CEST5870949763147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.401971102 CEST4976358709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:43.576971054 CEST44349780104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.577033997 CEST49780443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:43.581314087 CEST49780443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:43.581324100 CEST44349780104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.581556082 CEST44349780104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.582978010 CEST49780443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:43.628128052 CEST44349780104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.635765076 CEST5870949763147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.834742069 CEST44349780104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.834824085 CEST44349780104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.834870100 CEST49780443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:43.835247993 CEST49780443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:43.835267067 CEST44349780104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.835279942 CEST49780443192.168.2.4104.26.5.15
                                                                                                                                                                                    May 3, 2024 07:23:43.835284948 CEST44349780104.26.5.15192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:43.836121082 CEST4976358709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:44.073375940 CEST5870949763147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:44.155627966 CEST5870949763147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:44.203599930 CEST4976358709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:44.251221895 CEST4976358709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:44.495073080 CEST5870949763147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:44.977112055 CEST5870949763147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:45.031738043 CEST4976358709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:48.001043081 CEST4976358709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:48.189361095 CEST5870949763147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:48.995313883 CEST5870949763147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:48.995372057 CEST4976358709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:53.997654915 CEST49781443192.168.2.420.12.23.50
                                                                                                                                                                                    May 3, 2024 07:23:53.997694969 CEST4434978120.12.23.50192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:53.997756958 CEST49781443192.168.2.420.12.23.50
                                                                                                                                                                                    May 3, 2024 07:23:53.998141050 CEST49781443192.168.2.420.12.23.50
                                                                                                                                                                                    May 3, 2024 07:23:53.998157024 CEST4434978120.12.23.50192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:54.301428080 CEST4434978120.12.23.50192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:54.301505089 CEST49781443192.168.2.420.12.23.50
                                                                                                                                                                                    May 3, 2024 07:23:54.304464102 CEST49781443192.168.2.420.12.23.50
                                                                                                                                                                                    May 3, 2024 07:23:54.304471970 CEST4434978120.12.23.50192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:54.304681063 CEST4434978120.12.23.50192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:54.329503059 CEST49781443192.168.2.420.12.23.50
                                                                                                                                                                                    May 3, 2024 07:23:54.372144938 CEST4434978120.12.23.50192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:54.598121881 CEST4434978120.12.23.50192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:54.598140001 CEST4434978120.12.23.50192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:54.598159075 CEST4434978120.12.23.50192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:54.598228931 CEST49781443192.168.2.420.12.23.50
                                                                                                                                                                                    May 3, 2024 07:23:54.598253012 CEST4434978120.12.23.50192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:54.598267078 CEST4434978120.12.23.50192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:54.598320961 CEST49781443192.168.2.420.12.23.50
                                                                                                                                                                                    May 3, 2024 07:23:54.603591919 CEST49781443192.168.2.420.12.23.50
                                                                                                                                                                                    May 3, 2024 07:23:54.603607893 CEST4434978120.12.23.50192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:54.603632927 CEST49781443192.168.2.420.12.23.50
                                                                                                                                                                                    May 3, 2024 07:23:54.603637934 CEST4434978120.12.23.50192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:57.292802095 CEST5870949744147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:57.292890072 CEST4974458709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:23:57.356004953 CEST5870949745147.45.47.93192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:23:57.356116056 CEST4974558709192.168.2.4147.45.47.93
                                                                                                                                                                                    May 3, 2024 07:24:03.483042002 CEST49783443192.168.2.4142.250.176.196
                                                                                                                                                                                    May 3, 2024 07:24:03.483072042 CEST44349783142.250.176.196192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:24:03.483134031 CEST49783443192.168.2.4142.250.176.196
                                                                                                                                                                                    May 3, 2024 07:24:03.483393908 CEST49783443192.168.2.4142.250.176.196
                                                                                                                                                                                    May 3, 2024 07:24:03.483407974 CEST44349783142.250.176.196192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:24:03.667645931 CEST44349783142.250.176.196192.168.2.4
                                                                                                                                                                                    May 3, 2024 07:24:03.667911053 CEST49783443192.168.2.4142.250.176.196
                                                                                                                                                                                    May 3, 2024 07:24:03.667936087 CEST44349783142.250.176.196192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
May 3, 2024 07:22:59.570148945 CEST | 192.168.2.4 | 8.8.8.8 | 0xa9b9 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
May 3, 2024 07:22:59.570671082 CEST | 192.168.2.4 | 1.1.1.1 | 0x21d8 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
May 3, 2024 07:22:59.858989954 CEST | 192.168.2.4 | 1.1.1.1 | 0xd12e | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false
May 3, 2024 07:23:01.926069021 CEST | 192.168.2.4 | 1.1.1.1 | 0xe966 | Standard query (0) | db-ip.com | A (IP address) | IN (0x0001) | false
May 3, 2024 07:23:02.486943007 CEST | 192.168.2.4 | 1.1.1.1 | 0xb9d8 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
May 3, 2024 07:23:02.487102985 CEST | 192.168.2.4 | 1.1.1.1 | 0x4b2d | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
May 3, 2024 07:23:11.241770983 CEST | 192.168.2.4 | 1.1.1.1 | 0x855c | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false
May 3, 2024 07:24:03.393942118 CEST | 192.168.2.4 | 1.1.1.1 | 0x35cc | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
May 3, 2024 07:24:03.394443989 CEST | 192.168.2.4 | 1.1.1.1 | 0xe0da | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
May 3, 2024 07:22:59.659003019 CEST | 8.8.8.8 | 192.168.2.4 | 0xa9b9 | No error (0) | google.com | | 172.217.4.46 | A (IP address) | IN (0x0001) | false
May 3, 2024 07:22:59.659017086 CEST | 1.1.1.1 | 192.168.2.4 | 0x21d8 | No error (0) | google.com | | 142.250.64.78 | A (IP address) | IN (0x0001) | false
May 3, 2024 07:22:59.947921991 CEST | 1.1.1.1 | 192.168.2.4 | 0xd12e | No error (0) | ipinfo.io | | 34.117.186.192 | A (IP address) | IN (0x0001) | false
May 3, 2024 07:23:02.015503883 CEST | 1.1.1.1 | 192.168.2.4 | 0xe966 | No error (0) | db-ip.com | | 104.26.5.15 | A (IP address) | IN (0x0001) | false
May 3, 2024 07:23:02.015503883 CEST | 1.1.1.1 | 192.168.2.4 | 0xe966 | No error (0) | db-ip.com | | 104.26.4.15 | A (IP address) | IN (0x0001) | false
May 3, 2024 07:23:02.015503883 CEST | 1.1.1.1 | 192.168.2.4 | 0xe966 | No error (0) | db-ip.com | | 172.67.75.166 | A (IP address) | IN (0x0001) | false
May 3, 2024 07:23:02.576067924 CEST | 1.1.1.1 | 192.168.2.4 | 0x4b2d | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
May 3, 2024 07:23:02.576425076 CEST | 1.1.1.1 | 192.168.2.4 | 0xb9d8 | No error (0) | www.google.com | | 142.250.72.100 | A (IP address) | IN (0x0001) | false
May 3, 2024 07:23:11.330077887 CEST | 1.1.1.1 | 192.168.2.4 | 0x855c | No error (0) | ipinfo.io | | 34.117.186.192 | A (IP address) | IN (0x0001) | false
May 3, 2024 07:24:03.481671095 CEST | 1.1.1.1 | 192.168.2.4 | 0x35cc | No error (0) | www.google.com | | 142.250.176.196 | A (IP address) | IN (0x0001) | false
May 3, 2024 07:24:03.482223988 CEST | 1.1.1.1 | 192.168.2.4 | 0xe0da | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                                                                                                                                                                                    • https:
                                                                                                                                                                                      • ipinfo.io
                                                                                                                                                                                    • db-ip.com
                                                                                                                                                                                    • www.google.com
                                                                                                                                                                                    • fs.microsoft.com
                                                                                                                                                                                    • slscr.update.microsoft.com
                                                                                                                                                                                    • login.live.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49734 | 34.117.186.192 | 443 | 796 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:01 UTC | 239 | OUT | GET /widget/demo/191.96.227.219 HTTP/1.1
Connection: Keep-Alive
Referer: https://ipinfo.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: ipinfo.io
2024-05-03 05:23:01 UTC | 513 | IN | HTTP/1.1 200 OK
server: nginx/1.24.0
date: Fri, 03 May 2024 05:23:01 GMT
content-type: application/json; charset=utf-8
Content-Length: 921
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
x-envoy-upstream-service-time: 1
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-05-03 05:23:01 UTC | 742 | IN | Data Ascii: { "input": "191.96.227.219", "data": { "ip": "191.96.227.219", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS174 Cogent Communications", "postal": "10001", "timezon
2024-05-03 05:23:01 UTC | 179 | IN | Data Ascii: ": "Private Residence", "country": "US", "email": "abuse@ipxo.com", "name": "Private Customer", "network": "191.96.227.0/24", "phone": "" } }}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49737 | 104.26.5.15 | 443 | 796 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:02 UTC | 263 | OUT | GET /demo/home.php?s=191.96.227.219 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: db-ip.com
2024-05-03 05:23:02 UTC | 654 | IN | HTTP/1.1 200 OK
Date: Fri, 03 May 2024 05:23:02 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
x-iplb-request-id: A29E9A7A:C5E0_93878F2E:0050_663474B6_B4E4BB9:4F34
x-iplb-instance: 59215
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PbOGbXDSx4yEUXwH0OUxhP27ZyTFTi4AoEAbB14jyEscZZ%2F7gVnJ8sc5hUK0Jzejkk7FopGscSzhiapcTi22I%2BFsX6B3oCU4lI%2BJXRRJKZT7CHKKhU1XawQjOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87ddd113cb1f42f1-EWR
alt-svc: h3=":443"; ma=86400
2024-05-03 05:23:02 UTC | 664 | IN | Data Ascii: 291{"status":"ok","demoInfo":{"ipAddress":"191.96.227.219","continentCode":"NA","continentName":"North America","countryCode":"US","countryName":"United States","isEuMember":false,"currencyCode":"USD","currencyName":"Dollar","phonePrefix":"1","languages
2024-05-03 05:23:02 UTC | 5 | IN | Data Ascii: 0


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    2192.168.2.449738142.250.72.1004437484C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-05-03 05:23:02 UTC353OUTGET /async/ddljson?async=ntp:2 HTTP/1.1
                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-05-03 05:23:03 UTC | 1304 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                    Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YOPbGLbp0bEGIjDNZc3MZHlf1E0orMqnosUmz6W763DCXYHXDGytrbaZJcGJLjun_vRC8GiTovYLXb8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                                                                                    x-hallmonitor-challenge: CgwIt-nRsQYQ3bK_jQESBL9g49s
                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                    Date: Fri, 03 May 2024 05:23:03 GMT
                                                                                                                                                                                    Server: gws
                                                                                                                                                                                    Content-Length: 427
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    Set-Cookie: 1P_JAR=2024-05-03-05; expires=Sun, 02-Jun-2024 05:23:03 GMT; path=/; domain=.google.com; Secure; SameSite=none
                                                                                                                                                                                    Set-Cookie: NID=513=EQD99ALJd6fOZu26GG9BtUjXBRf2gGBsuk5QaS83mUVQaqMpvZ4LNdhssAidlPr7GtfSBFeiMvNnnYNjxcnDCKLiRS44NSdXzIk9nQXC3r6txe-PaW2vKLuatBzEjiBpwv1s228V4FQEbPNYX_vzR8IICWLCpTWJe0qikJMZQ84; expires=Sat, 02-Nov-2024 05:23:02 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close
2024-05-03 05:23:03 UTC | 427 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasyn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49739 | 142.250.72.100 | 443 | 7484 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:02 UTC | 510 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-05-03 05:23:03 UTC | 1331 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                    Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YOPbGLbp0bEGIjA9RjS4dnTf9TMc_WNOZoEqYCGZPMusvyHbkcGkBp0b60YgEyf8aWQGPDnoAkT6yZQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                                                                                    x-hallmonitor-challenge: CgwIt-nRsQYQjt37lAESBL9g49s
                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                    Date: Fri, 03 May 2024 05:23:03 GMT
                                                                                                                                                                                    Server: gws
                                                                                                                                                                                    Content-Length: 458
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    Set-Cookie: 1P_JAR=2024-05-03-05; expires=Sun, 02-Jun-2024 05:23:03 GMT; path=/; domain=.google.com; Secure; SameSite=none
                                                                                                                                                                                    Set-Cookie: NID=513=APNOzOblleRB1aJFPx8Z_gRLPnRmzF3um8G7RczJpJHmMs2PjggLJuQJDSfSkkQEQw4W68eqU9PX_RTcXywZXXUq_AQqC0hF8Ap_QEpQOLc-nzbFkFzjdPZ3R_RYwXhxUJye9FK_ULZoYVxD6FGWtw5mxdI8GicRmXl8qJSIPUA; expires=Sat, 02-Nov-2024 05:23:02 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close
2024-05-03 05:23:03 UTC | 458 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49740 | 142.250.72.100 | 443 | 7484 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:02 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-05-03 05:23:03 UTC | 1249 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                    Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YOPbGLfp0bEGIjBOCVhRAJULzteCOxPiY_X6uQIji4BS0T9mLaHtP_Am7ecKTeSvtZKtamBURy9fib0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                                                                                    x-hallmonitor-challenge: CgwIt-nRsQYQx_2imAESBL9g49s
                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                    Date: Fri, 03 May 2024 05:23:03 GMT
                                                                                                                                                                                    Server: gws
                                                                                                                                                                                    Content-Length: 417
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    Set-Cookie: 1P_JAR=2024-05-03-05; expires=Sun, 02-Jun-2024 05:23:03 GMT; path=/; domain=.google.com; Secure; SameSite=none
                                                                                                                                                                                    Set-Cookie: NID=513=cj89ODLx9-NktihWgR6pcEkVLJtmzBmUJFxO5DHSM_Ex4E-3z8ovz6JNixtHvLzVH43EiHaIwe1tovaDxh4FgY0d0QihWT12B-WBStzI-FDmf6tkDRL3VTxmW2AgAZsr1Tppx2YUWmkCPuT4nscUI9perMpwKY6l9iEl-alk_30; expires=Sat, 02-Nov-2024 05:23:03 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close
2024-05-03 05:23:03 UTC | 6 | IN | Data Ascii: <HTML>
2024-05-03 05:23:03 UTC | 411 | IN | Data Ascii: <HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&amp;q=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49741 | 142.250.72.100 | 443 | 7484 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:03 UTC | 912 | OUT | GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YOPbGLbp0bEGIjA9RjS4dnTf9TMc_WNOZoEqYCGZPMusvyHbkcGkBp0b60YgEyf8aWQGPDnoAkT6yZQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                    Cookie: 1P_JAR=2024-05-03-05; NID=513=APNOzOblleRB1aJFPx8Z_gRLPnRmzF3um8G7RczJpJHmMs2PjggLJuQJDSfSkkQEQw4W68eqU9PX_RTcXywZXXUq_AQqC0hF8Ap_QEpQOLc-nzbFkFzjdPZ3R_RYwXhxUJye9FK_ULZoYVxD6FGWtw5mxdI8GicRmXl8qJSIPUA
2024-05-03 05:23:03 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                                                                                                    Date: Fri, 03 May 2024 05:23:03 GMT
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                    Server: HTTP server (unknown)
                                                                                                                                                                                    Content-Length: 3185
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-05-03 05:23:03 UTC899INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 3f 68 6c 3d 65 6e 2d 55 53 26 61 6d 70 3b 61 73 79
                                                                                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&amp;asy
                                                                                                                                                                                    2024-05-03 05:23:03 UTC | 1255 | IN
                                                                                                                                                                                    Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="scK9Kc5m3
                                                                                                                                                                                    2024-05-03 05:23:03 UTC | 1031 | IN
                                                                                                                                                                                    Data Ascii: ; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly aft


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    6 | 192.168.2.4 | 49742 | 142.250.72.100 | 443 | 7484 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2024-05-03 05:23:03 UTC | 738 | OUT | GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YOPbGLfp0bEGIjBOCVhRAJULzteCOxPiY_X6uQIji4BS0T9mLaHtP_Am7ecKTeSvtZKtamBURy9fib0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                    Cookie: 1P_JAR=2024-05-03-05; NID=513=cj89ODLx9-NktihWgR6pcEkVLJtmzBmUJFxO5DHSM_Ex4E-3z8ovz6JNixtHvLzVH43EiHaIwe1tovaDxh4FgY0d0QihWT12B-WBStzI-FDmf6tkDRL3VTxmW2AgAZsr1Tppx2YUWmkCPuT4nscUI9perMpwKY6l9iEl-alk_30
                                                                                                                                                                                    2024-05-03 05:23:03 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                                                                                                    Date: Fri, 03 May 2024 05:23:03 GMT
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                    Server: HTTP server (unknown)
                                                                                                                                                                                    Content-Length: 3113
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-05-03 05:23:03 UTC | 899 | IN
                                                                                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
                                                                                                                                                                                    2024-05-03 05:23:03 UTC | 1255 | IN
                                                                                                                                                                                    Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="4q24trMKKQWHrYj8y_s21OvpEKdpuNYdn
                                                                                                                                                                                    2024-05-03 05:23:03 UTC | 959 | IN
                                                                                                                                                                                    Data Ascii: ogle automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime, solvin


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    7 | 192.168.2.4 | 49743 | 142.250.72.100 | 443 | 7484 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2024-05-03 05:23:03 UTC | 742 | OUT | GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YOPbGLbp0bEGIjDNZc3MZHlf1E0orMqnosUmz6W763DCXYHXDGytrbaZJcGJLjun_vRC8GiTovYLXb8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                    Cookie: 1P_JAR=2024-05-03-05; NID=513=EQD99ALJd6fOZu26GG9BtUjXBRf2gGBsuk5QaS83mUVQaqMpvZ4LNdhssAidlPr7GtfSBFeiMvNnnYNjxcnDCKLiRS44NSdXzIk9nQXC3r6txe-PaW2vKLuatBzEjiBpwv1s228V4FQEbPNYX_vzR8IICWLCpTWJe0qikJMZQ84
                                                                                                                                                                                    2024-05-03 05:23:03 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                                                                                                    Date: Fri, 03 May 2024 05:23:03 GMT
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                    Server: HTTP server (unknown)
                                                                                                                                                                                    Content-Length: 3131
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-05-03 05:23:03 UTC | 899 | IN
                                                                                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/ddljson?async=ntp:2</title>
                                                                                                                                                                                    2024-05-03 05:23:03 UTC | 1255 | IN
                                                                                                                                                                                    Data Ascii: tCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="d_06qvx5JVLOkfdGYEBad2L9pue
                                                                                                                                                                                    2024-05-03 05:23:03 UTC | 977 | IN
                                                                                                                                                                                    Data Ascii: ears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the mean


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    8 | 192.168.2.4 | 49748 | 34.117.186.192 | 443 | 7212 | C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2024-05-03 05:23:11 UTC | 239 | OUT | GET /widget/demo/191.96.227.219 HTTP/1.1
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Referer: https://ipinfo.io/
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                                                                                                                    Host: ipinfo.io
                                                                                                                                                                                    2024-05-03 05:23:11 UTC | 513 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    server: nginx/1.24.0
                                                                                                                                                                                    date: Fri, 03 May 2024 05:23:11 GMT
                                                                                                                                                                                    content-type: application/json; charset=utf-8
                                                                                                                                                                                    Content-Length: 921
                                                                                                                                                                                    access-control-allow-origin: *
                                                                                                                                                                                    x-frame-options: SAMEORIGIN
                                                                                                                                                                                    x-xss-protection: 1; mode=block
                                                                                                                                                                                    x-content-type-options: nosniff
                                                                                                                                                                                    referrer-policy: strict-origin-when-cross-origin
                                                                                                                                                                                    x-envoy-upstream-service-time: 2
                                                                                                                                                                                    via: 1.1 google
                                                                                                                                                                                    strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-05-03 05:23:11 UTC | 742 | IN
                                                                                                                                                                                    Data Ascii: { "input": "191.96.227.219", "data": { "ip": "191.96.227.219", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS174 Cogent Communications", "postal": "10001", "timezon
                                                                                                                                                                                    2024-05-03 05:23:11 UTC | 179 | IN
                                                                                                                                                                                    Data Ascii: ": "Private Residence", "country": "US", "email": "abuse@ipxo.com", "name": "Private Customer", "network": "191.96.227.0/24", "phone": "" } }}


                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                    9 | 192.168.2.4 | 49749 | 34.117.186.192 | 443 | 6788 | C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                    2024-05-03 05:23:11 UTC | 239 | OUT | GET /widget/demo/191.96.227.219 HTTP/1.1
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Referer: https://ipinfo.io/
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                                                                                                                    Host: ipinfo.io
                                                                                                                                                                                    2024-05-03 05:23:11 UTC513INHTTP/1.1 200 OK
                                                                                                                                                                                    server: nginx/1.24.0
                                                                                                                                                                                    date: Fri, 03 May 2024 05:23:11 GMT
                                                                                                                                                                                    content-type: application/json; charset=utf-8
                                                                                                                                                                                    Content-Length: 921
                                                                                                                                                                                    access-control-allow-origin: *
                                                                                                                                                                                    x-frame-options: SAMEORIGIN
                                                                                                                                                                                    x-xss-protection: 1; mode=block
                                                                                                                                                                                    x-content-type-options: nosniff
                                                                                                                                                                                    referrer-policy: strict-origin-when-cross-origin
                                                                                                                                                                                    x-envoy-upstream-service-time: 3
                                                                                                                                                                                    via: 1.1 google
                                                                                                                                                                                    strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-05-03 05:23:11 UTC742INData Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 31 39 31 2e 39 36 2e 32 32 37 2e 32 31 39 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 31 39 31 2e 39 36 2e 32 32 37 2e 32 31 39 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 31 37 34 20 43 6f 67 65 6e 74 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 22 2c 0a 20 20 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 31 30 30 30 31 22 2c 0a 20 20 20 20 22 74 69 6d 65 7a 6f 6e
                                                                                                                                                                                    Data Ascii: { "input": "191.96.227.219", "data": { "ip": "191.96.227.219", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS174 Cogent Communications", "postal": "10001", "timezon
                                                                                                                                                                                    2024-05-03 05:23:11 UTC179INData Raw: 22 3a 20 22 50 72 69 76 61 74 65 20 52 65 73 69 64 65 6e 63 65 22 2c 0a 20 20 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 20 20 22 65 6d 61 69 6c 22 3a 20 22 61 62 75 73 65 40 69 70 78 6f 2e 63 6f 6d 22 2c 0a 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 50 72 69 76 61 74 65 20 43 75 73 74 6f 6d 65 72 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 31 39 31 2e 39 36 2e 32 32 37 2e 30 2f 32 34 22 2c 0a 20 20 20 20 20 20 22 70 68 6f 6e 65 22 3a 20 22 22 0a 20 20 20 20 7d 0a 20 20 7d 0a 7d
                                                                                                                                                                                    Data Ascii: ": "Private Residence", "country": "US", "email": "abuse@ipxo.com", "name": "Private Customer", "network": "191.96.227.0/24", "phone": "" } }}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49750 | 23.51.58.94 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:11 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-05-03 05:23:12 UTC | 465 | IN | HTTP/1.1 200 OK
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (chd/0758)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-eus-z1
Cache-Control: public, max-age=6055
Date: Fri, 03 May 2024 05:23:12 GMT
Connection: close
X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49752 | 104.26.5.15 | 443 | 7212 | C:\ProgramData\MPGPH131\MPGPH131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:12 UTC | 263 | OUT | GET /demo/home.php?s=191.96.227.219 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: db-ip.com
2024-05-03 05:23:12 UTC | 658 | IN | HTTP/1.1 200 OK
Date: Fri, 03 May 2024 05:23:12 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
x-iplb-request-id: AC4673C3:5952_93878F2E:0050_663474C0_B4E4C94:4F34
x-iplb-instance: 59215
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y6W4781m%2F5EJqwG9GBY1a4tm4fQYDE1412XKEAoBLFATItk6ivyztiymIr54WcBbXWluAszwQ%2F23LxUpH6Hu5dBhuLgyXR4eA19qGtq%2BbMak%2FJkoXWi%2BXWHOGw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87ddd1516e387274-EWR
alt-svc: h3=":443"; ma=86400
2024-05-03 05:23:12 UTC | 664 | IN | Data Ascii: 291{"status":"ok","demoInfo":{"ipAddress":"191.96.227.219","continentCode":"NA","continentName":"North America","countryCode":"US","countryName":"United States","isEuMember":false,"currencyCode":"USD","currencyName":"Dollar","phonePrefix":"1","languages
2024-05-03 05:23:12 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49753 | 104.26.5.15 | 443 | 6788 | C:\ProgramData\MPGPH131\MPGPH131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:12 UTC | 263 | OUT | GET /demo/home.php?s=191.96.227.219 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: db-ip.com
2024-05-03 05:23:12 UTC | 658 | IN | HTTP/1.1 200 OK
Date: Fri, 03 May 2024 05:23:12 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
x-iplb-request-id: A29E9A19:C7F2_93878F2E:0050_663474C0_B4C5274:7B63
x-iplb-instance: 59128
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F0v2MM5griYLm%2B3iyu0W17ed3%2FAz0S%2FwaQ17B0j313HfZUagx8XAOs7IOUuCaWmCCS3xAQhURyeyALABZVIUhMs6gzREWYQFegs%2BCgQAbO3r%2FcJct20TNR6icg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87ddd1516d14443e-EWR
alt-svc: h3=":443"; ma=86400
2024-05-03 05:23:12 UTC | 664 | IN | Data Ascii: 291{"status":"ok","demoInfo":{"ipAddress":"191.96.227.219","continentCode":"NA","continentName":"North America","countryCode":"US","countryName":"United States","isEuMember":false,"currencyCode":"USD","currencyName":"Dollar","phonePrefix":"1","languages
2024-05-03 05:23:12 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49754 | 23.51.58.94 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:12 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-05-03 05:23:12 UTC | 454 | IN | HTTP/1.1 200 OK
ApiVersion: Distribute 1.1
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (chd/0778)
X-CID: 11
Cache-Control: public, max-age=6033
Date: Fri, 03 May 2024 05:23:12 GMT
Content-Length: 55
Connection: close
X-CID: 2
2024-05-03 05:23:12 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49751 | 52.165.165.26 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:12 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=obBedr2UOoU2yNe&MD=DdSnfapD HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-05-03 05:23:12 UTC | 560 | IN | HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
MS-CorrelationId: d2e3ab4f-2190-4cbd-b966-bde5eb0cb6c5
MS-RequestId: 8f14ba4d-c217-4fc2-892c-1e111b81ff03
MS-CV: +ErNyyvdP0qRJaNp.0
X-Microsoft-SLSClientCache: 2880
                                                                                                                                                                                    Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Date: Fri, 03 May 2024 05:23:12 GMT
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    Content-Length: 24490
                                                                                                                                                                                    2024-05-03 05:23:12 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                                                                                                                                    Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                                                                                                                                    2024-05-03 05:23:12 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                                                                                                                                    Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49761 | 34.117.186.192 | 443 | 8700 | C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:20 UTC | 239 | OUT | GET /widget/demo/191.96.227.219 HTTP/1.1
Connection: Keep-Alive
Referer: https://ipinfo.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: ipinfo.io
2024-05-03 05:23:20 UTC | 513 | IN | HTTP/1.1 200 OK
server: nginx/1.24.0
date: Fri, 03 May 2024 05:23:20 GMT
content-type: application/json; charset=utf-8
Content-Length: 921
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
x-envoy-upstream-service-time: 2
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-05-03 05:23:20 UTC | 742 | IN | Data Ascii: { "input": "191.96.227.219", "data": { "ip": "191.96.227.219", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS174 Cogent Communications", "postal": "10001", "timezon
2024-05-03 05:23:20 UTC | 179 | IN | Data Ascii: ": "Private Residence", "country": "US", "email": "abuse@ipxo.com", "name": "Private Customer", "network": "191.96.227.0/24", "phone": "" } }}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49762 | 104.26.5.15 | 443 | 8700 | C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:20 UTC | 263 | OUT | GET /demo/home.php?s=191.96.227.219 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: db-ip.com
2024-05-03 05:23:20 UTC | 658 | IN | HTTP/1.1 200 OK
Date: Fri, 03 May 2024 05:23:20 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
x-iplb-request-id: A29E9AFC:8BB8_93878F2E:0050_663474C8_B4C5326:7B63
x-iplb-instance: 59128
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YqHZDF0jfk22Piw%2FvjOrAxSevNxCVR5KrWPZGO1A1tMTVOhJTEsz%2FMGzmErnVomFPchPujxRBTD31p6LCrii814GgddAV3Nw2nNaTINci%2Ft%2FWrybsXCx%2B8iccw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87ddd1861d5b439a-EWR
alt-svc: h3=":443"; ma=86400
2024-05-03 05:23:20 UTC | 85 | IN | Data Ascii: 4f{"status":"ok","demoInfo":{"error":"over query limit, please try again later"}}
2024-05-03 05:23:20 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
17 | 192.168.2.4 | 49764 | 40.126.24.82 | 443
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:25 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
Connection: Keep-Alive
Content-Type: application/soap+xml
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
Content-Length: 3592
Host: login.live.com
2024-05-03 05:23:25 UTC | 3592 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-05-03 05:23:26 UTC | 568 | IN | HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/soap+xml; charset=utf-8
Expires: Fri, 03 May 2024 05:22:25 GMT
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C533_BAY
x-ms-request-id: 15c30aba-5b2a-4129-9f9d-d42b76d564e2
PPServer: PPV: 30 H: PH1PEPF00011DAB V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Date: Fri, 03 May 2024 05:23:25 GMT
Connection: close
Content-Length: 1276
2024-05-03 05:23:26 UTC | 1276 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port
18 | 192.168.2.4 | 49765 | 40.126.24.82 | 443
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:28 UTC | 446 | OUT | POST /ppsecure/deviceaddcredential.srf HTTP/1.0
Connection: Keep-Alive
Content-Type: application/soap+xml
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
Content-Length: 7642
Host: login.live.com
2024-05-03 05:23:28 UTC | 7642 | OUT | Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02rzyiuuedzhvccx</Membername><Password>6Yl.sy~`y~jMstKqc63(</Password></Authentication><OldMembername>02akqrlfgukijevl</OldM
2024-05-03 05:23:31 UTC | 542 | IN | HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/xml
Expires: Fri, 03 May 2024 05:22:29 GMT
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C528_BL2
x-ms-request-id: bd025200-b844-4844-baf5-541e476ffccd
PPServer: PPV: 30 H: BL02EPF0001D909 V: 0
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                                                                                    Date: Fri, 03 May 2024 05:23:30 GMT
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    Content-Length: 17166
                                                                                                                                                                                    2024-05-03 05:23:31 UTC15842INData Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 73 70 6f 6e 73 65 20 53 75 63 63 65 73 73 3d 22 74 72 75 65 22 3e 3c 73 75 63 63 65 73 73 3e 74 72 75 65 3c 2f 73 75 63 63 65 73 73 3e 3c 70 75 69 64 3e 30 30 31 38 38 30 30 45 45 37 31 34 37 45 44 34 3c 2f 70 75 69 64 3e 3c 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 33 3c 2f 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 3c 4c 69 63 65 6e 73 65 20 43 6f 6e 74 65 6e 74 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 2d 38 63 63 35 2d 62 32 66 35 33 63 38 33 30 62 37 36 22 20 49 44 3d 22 32 66 35 64 64 61 61 37 2d 30 30 38 64 2d 34 34 64 64 2d 62 62 34 64 2d 38 33 30 38 36 38 33 31 66 38 61 33 22 20 4c 69 63 65 6e 73 65 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31
                                                                                                                                                                                    Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>0018800EE7147ED4</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="2f5ddaa7-008d-44dd-bb4d-83086831f8a3" LicenseID="3252b20c-d425-4711
                                                                                                                                                                                    2024-05-03 05:23:31 UTC1324INData Raw: 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 65 6e 76 65 6c 6f 70 65 64 2d 73 69 67 6e 61 74 75 72 65 22 2f 3e 3c 2f 54 72 61 6e 73 66 6f 72 6d 73 3e 3c 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 30 34 2f 78 6d 6c 65 6e 63 23 73 68 61 32 35 36 22 2f 3e 3c 44 69 67 65 73 74 56 61 6c 75 65 3e 67 74 71 77 70 52 35 66 47 44 61 6f 48 73 4d 37 49 57 47 4b 5a 67 61 77 58 61 30 42 50 69 47 61 65 35 62 49 75 6e 2f 52 51 4a 41 3d 3c 2f 44 69 67 65 73 74 56 61 6c 75 65 3e 3c 2f 52 65 66 65 72 65 6e 63 65 3e 3c 2f 53 69 67 6e 65 64 49 6e 66 6f 3e 3c 53 69 67 6e 61 74 75 72 65 56 61 6c 75 65 3e 41 46 38 6f 46 52 2b 47 66
                                                                                                                                                                                    Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf


Session ID | Source IP | Source Port | Destination IP | Destination Port
19 | 192.168.2.4 | 49766 | 40.126.24.82 | 443
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:31 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
Connection: Keep-Alive
Content-Type: application/soap+xml
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
Content-Length: 3592
Host: login.live.com
2024-05-03 05:23:31 UTC | 3592 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-05-03 05:23:34 UTC | 569 | IN | HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/soap+xml; charset=utf-8
Expires: Fri, 03 May 2024 05:22:31 GMT
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C538_BL2
x-ms-request-id: 5291818b-f910-4665-ab79-ded868c6ddb9
PPServer: PPV: 30 H: BL02EPF0001D9F4 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Date: Fri, 03 May 2024 05:23:34 GMT
Connection: close
Content-Length: 11392
2024-05-03 05:23:34 UTC | 11392 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port
20 | 192.168.2.4 | 49767 | 40.126.24.82 | 443
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:35 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
Connection: Keep-Alive
Content-Type: application/soap+xml
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
Content-Length: 4775
Host: login.live.com
2024-05-03 05:23:35 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-05-03 05:23:35 UTC | 568 | IN | HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/soap+xml; charset=utf-8
Expires: Fri, 03 May 2024 05:22:35 GMT
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C533_BL2
x-ms-request-id: c45259ba-1a67-4608-95ea-cc364c658cb9
PPServer: PPV: 30 H: BL02EPF0001DA30 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Date: Fri, 03 May 2024 05:23:34 GMT
Connection: close
Content-Length: 1918
2024-05-03 05:23:35 UTC | 1918 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port
21 | 192.168.2.4 | 49768 | 40.126.24.82 | 443
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:35 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
Connection: Keep-Alive
Content-Type: application/soap+xml
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
Content-Length: 4775
Host: login.live.com
2024-05-03 05:23:35 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-05-03 05:23:36 UTC | 568 | IN | HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/soap+xml; charset=utf-8
Expires: Fri, 03 May 2024 05:22:35 GMT
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C533_BL2
x-ms-request-id: 8435d7f6-a1ee-4d76-8bd9-73b4941da4d4
PPServer: PPV: 30 H: BL02EPF0001D88C V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Date: Fri, 03 May 2024 05:23:35 GMT
Connection: close
Content-Length: 1918
2024-05-03 05:23:36 UTC | 1918 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID    Source IP      Source Port    Destination IP    Destination Port
22            192.168.2.4    49769          40.126.24.82      443
Timestamp                  Bytes transferred    Direction    Data
2024-05-03 05:23:35 UTC    422                  OUT          POST /RST2.srf HTTP/1.0
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Content-Type: application/soap+xml
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                                                    Content-Length: 4775
                                                                                                                                                                                    Host: login.live.com
2024-05-03 05:23:35 UTC    4775                 OUT          Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-05-03 05:23:36 UTC    569                  IN           HTTP/1.1 200 OK
                                                                                                                                                                                    Cache-Control: no-store, no-cache
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                                                    Expires: Fri, 03 May 2024 05:22:35 GMT
                                                                                                                                                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                    x-ms-route-info: C538_BL2
                                                                                                                                                                                    x-ms-request-id: 5eb1a2b5-5fcf-4853-a51c-3b8bcbe666d4
                                                                                                                                                                                    PPServer: PPV: 30 H: BL02EPF0001DA05 V: 0
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                                                                                    Date: Fri, 03 May 2024 05:23:36 GMT
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    Content-Length: 11392
2024-05-03 05:23:36 UTC    11392                IN           Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID    Source IP      Source Port    Destination IP    Destination Port
23            192.168.2.4    49770          40.126.24.82      443
Timestamp                  Bytes transferred    Direction    Data
2024-05-03 05:23:36 UTC    422                  OUT          POST /RST2.srf HTTP/1.0
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Content-Type: application/soap+xml
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                                                    Content-Length: 4775
                                                                                                                                                                                    Host: login.live.com
2024-05-03 05:23:36 UTC    4775                 OUT          Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-05-03 05:23:37 UTC    653                  IN           HTTP/1.1 200 OK
                                                                                                                                                                                    Cache-Control: no-store, no-cache
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                                                    Expires: Fri, 03 May 2024 05:22:37 GMT
                                                                                                                                                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                                                    FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30185.3
                                                                                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                    x-ms-route-info: C538_BL2
                                                                                                                                                                                    x-ms-request-id: ef41ace5-7f0c-43de-a112-2715d953dd39
                                                                                                                                                                                    PPServer: PPV: 30 H: BL02EPF0001D903 V: 0
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                                                                                    Date: Fri, 03 May 2024 05:23:36 GMT
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    Content-Length: 11392
2024-05-03 05:23:37 UTC    11392                IN           Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID    Source IP      Source Port    Destination IP    Destination Port
24            192.168.2.4    49771          40.126.24.82      443
Timestamp                  Bytes transferred    Direction    Data
2024-05-03 05:23:37 UTC    422                  OUT          POST /RST2.srf HTTP/1.0
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Content-Type: application/soap+xml
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                                                    Content-Length: 4775
                                                                                                                                                                                    Host: login.live.com
2024-05-03 05:23:37 UTC    4775                 OUT          Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-05-03 05:23:37 UTC    653                  IN           HTTP/1.1 200 OK
                                                                                                                                                                                    Cache-Control: no-store, no-cache
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                                                    Expires: Fri, 03 May 2024 05:22:37 GMT
                                                                                                                                                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                                                    FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30185.3
                                                                                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                    x-ms-route-info: C538_BL2
                                                                                                                                                                                    x-ms-request-id: 14336414-b926-408e-b2b7-d64a254c9917
                                                                                                                                                                                    PPServer: PPV: 30 H: BL02EPF0001D906 V: 0
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                                                                                    Date: Fri, 03 May 2024 05:23:36 GMT
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    Content-Length: 11392
2024-05-03 05:23:37 UTC    11392                IN           Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID    Source IP      Source Port    Destination IP    Destination Port
25            192.168.2.4    49773          40.126.24.82      443
Timestamp                  Bytes transferred    Direction    Data
2024-05-03 05:23:38 UTC    422                  OUT          POST /RST2.srf HTTP/1.0
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Content-Type: application/soap+xml
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                                                    Content-Length: 4775
                                                                                                                                                                                    Host: login.live.com
2024-05-03 05:23:38 UTC    4775                 OUT          Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-05-03 05:23:38 UTC    653                  IN           HTTP/1.1 200 OK
                                                                                                                                                                                    Cache-Control: no-store, no-cache
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                                                    Expires: Fri, 03 May 2024 05:22:38 GMT
                                                                                                                                                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                                                    FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30185.3
                                                                                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                    x-ms-route-info: C538_BL2
                                                                                                                                                                                    x-ms-request-id: f13df56f-9b72-4cc1-994e-e620a6c578a4
                                                                                                                                                                                    PPServer: PPV: 30 H: BL02EPF0001D907 V: 0
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                                                                                    Date: Fri, 03 May 2024 05:23:38 GMT
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    Content-Length: 11392
2024-05-03 05:23:38 UTC | 11392 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port
26 | 192.168.2.4 | 49775 | 40.126.24.82 | 443
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:38 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Content-Type: application/soap+xml
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                                                    Content-Length: 4775
                                                                                                                                                                                    Host: login.live.com
2024-05-03 05:23:38 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-05-03 05:23:38 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Cache-Control: no-store, no-cache
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                                                    Expires: Fri, 03 May 2024 05:22:38 GMT
                                                                                                                                                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                    x-ms-route-info: C538_BL2
                                                                                                                                                                                    x-ms-request-id: 91766e2a-1aff-4e2b-b404-d33f75e8d1b9
                                                                                                                                                                                    PPServer: PPV: 30 H: BL02EPF0001D8E5 V: 0
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                                                                                    Date: Fri, 03 May 2024 05:23:38 GMT
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    Content-Length: 11392
2024-05-03 05:23:38 UTC | 11392 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49779 | 34.117.186.192 | 443 | 9080 | C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:43 UTC | 239 | OUT | GET /widget/demo/191.96.227.219 HTTP/1.1
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Referer: https://ipinfo.io/
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                                                                                                                    Host: ipinfo.io
2024-05-03 05:23:43 UTC | 513 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    server: nginx/1.24.0
                                                                                                                                                                                    date: Fri, 03 May 2024 05:23:43 GMT
                                                                                                                                                                                    content-type: application/json; charset=utf-8
                                                                                                                                                                                    Content-Length: 921
                                                                                                                                                                                    access-control-allow-origin: *
                                                                                                                                                                                    x-frame-options: SAMEORIGIN
                                                                                                                                                                                    x-xss-protection: 1; mode=block
                                                                                                                                                                                    x-content-type-options: nosniff
                                                                                                                                                                                    referrer-policy: strict-origin-when-cross-origin
                                                                                                                                                                                    x-envoy-upstream-service-time: 3
                                                                                                                                                                                    via: 1.1 google
                                                                                                                                                                                    strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close
2024-05-03 05:23:43 UTC | 742 | IN | Data Ascii: { "input": "191.96.227.219", "data": { "ip": "191.96.227.219", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS174 Cogent Communications", "postal": "10001", "timezon
2024-05-03 05:23:43 UTC | 179 | IN | Data Ascii: ": "Private Residence", "country": "US", "email": "abuse@ipxo.com", "name": "Private Customer", "network": "191.96.227.0/24", "phone": "" } }}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49780 | 104.26.5.15 | 443 | 9080 | C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:43 UTC | 263 | OUT | GET /demo/home.php?s=191.96.227.219 HTTP/1.1
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                                                                                                                    Host: db-ip.com
2024-05-03 05:23:43 UTC | 656 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Date: Fri, 03 May 2024 05:23:43 GMT
                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    x-iplb-request-id: AC46725E:C6EA_93878F2E:0050_663474DF_B4C5509:7B63
                                                                                                                                                                                    x-iplb-instance: 59128
                                                                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eXTHwOmGwI0oaYJuDa%2BdswclUlrRNEwac1b7iP%2BL9WT8CCC03LY%2B7oeKvjUWmtqsmZCYoVPYvgIGbeeaSUqbfx9kfvyU9CDEm0Suc7dhUx%2FlutGWQuwNq55xIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                    Server: cloudflare
                                                                                                                                                                                    CF-RAY: 87ddd21668578cca-EWR
                                                                                                                                                                                    alt-svc: h3=":443"; ma=86400
2024-05-03 05:23:43 UTC | 85 | IN | Data Ascii: 4f{"status":"ok","demoInfo":{"error":"over query limit, please try again later"}}
2024-05-03 05:23:43 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49781 | 20.12.23.50 | 443
Timestamp | Bytes transferred | Direction | Data
2024-05-03 05:23:54 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=obBedr2UOoU2yNe&MD=DdSnfapD HTTP/1.1
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                    Host: slscr.update.microsoft.com
2024-05-03 05:23:54 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                    Expires: -1
                                                                                                                                                                                    Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                    ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                                                                                                                                                                    MS-CorrelationId: 200aea08-d0cf-4c8b-880d-7cc0dc5f32ab
                                                                                                                                                                                    MS-RequestId: f9fd1eb7-b586-4b1d-a606-216cfdafb4a4
                                                                                                                                                                                    MS-CV: 6UuE6S7Eski2zvus.0
                                                                                                                                                                                    X-Microsoft-SLSClientCache: 2160
                                                                                                                                                                                    Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Date: Fri, 03 May 2024 05:23:54 GMT
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    Content-Length: 25457



                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                    Start time:07:22:51
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.11739.16980.exe"
                                                                                                                                                                                    Imagebase:0x580000
                                                                                                                                                                                    File size:3'197'440 bytes
                                                                                                                                                                                    MD5 hash:8D6E0FA54DF379D380222A4051AB848C
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000000.00000003.1901048371.0000000001983000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000000.00000003.1901198665.0000000001994000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000000.00000003.1901048371.0000000001993000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000000.00000002.2086799247.000000000183E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000000.00000002.2087269629.0000000001983000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2086799247.00000000018DC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                    Start time:07:22:55
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                                                                                                                                                                                    Imagebase:0x530000
                                                                                                                                                                                    File size:187'904 bytes
                                                                                                                                                                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                    Start time:07:22:55
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                    Start time:07:22:55
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
                                                                                                                                                                                    Imagebase:0x530000
                                                                                                                                                                                    File size:187'904 bytes
                                                                                                                                                                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                    Start time:07:22:55
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                    Start time:07:22:57
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
                                                                                                                                                                                    Imagebase:0x7ff76e190000
                                                                                                                                                                                    File size:3'242'272 bytes
                                                                                                                                                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                    Start time:07:22:57
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/
                                                                                                                                                                                    Imagebase:0x7ff76e190000
                                                                                                                                                                                    File size:3'242'272 bytes
                                                                                                                                                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                    Start time:07:22:57
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    Imagebase:0x760000
                                                                                                                                                                                    File size:3'197'440 bytes
                                                                                                                                                                                    MD5 hash:8D6E0FA54DF379D380222A4051AB848C
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.2104214514.00000000017CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000007.00000002.2104666258.000000000186E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000007.00000003.1997073810.0000000001890000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000007.00000003.1996378466.0000000001890000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000007.00000003.1996163003.0000000001890000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000007.00000003.2027506796.0000000001892000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000007.00000002.2104822243.0000000001894000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000007.00000002.2104214514.000000000173D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000007.00000003.2027559370.000000000186E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                                    • Detection: 50%, ReversingLabs
                                                                                                                                                                                    • Detection: 58%, Virustotal, Browse
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                    Start time:07:22:57
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                    Imagebase:0x760000
                                                                                                                                                                                    File size:3'197'440 bytes
                                                                                                                                                                                    MD5 hash:8D6E0FA54DF379D380222A4051AB848C
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000008.00000002.2092162134.0000000001A27000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000008.00000002.2092743314.0000000001B18000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.2092162134.0000000001AB1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000008.00000003.2025987376.0000000001B61000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000008.00000003.2026230623.0000000001B6B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000008.00000003.2026205617.0000000001B62000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000008.00000002.2092977467.0000000001B6C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000008.00000003.2025987376.0000000001B16000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:10
                                                                                                                                                                                    Start time:07:22:57
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2032,i,13373424599956482758,2622410995844212760,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                    Imagebase:0x7ff76e190000
                                                                                                                                                                                    File size:3'242'272 bytes
                                                                                                                                                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:11
                                                                                                                                                                                    Start time:07:22:58
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1904,i,4433995280801359943,15790253874222841577,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                    Imagebase:0x7ff76e190000
                                                                                                                                                                                    File size:3'242'272 bytes
                                                                                                                                                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:13
                                                                                                                                                                                    Start time:07:23:10
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                                                                                                                                                                                    Imagebase:0x720000
                                                                                                                                                                                    File size:3'197'440 bytes
                                                                                                                                                                                    MD5 hash:8D6E0FA54DF379D380222A4051AB848C
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.2099657926.0000000001AB2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 0000000D.00000002.2099657926.0000000001A2E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                                    • Detection: 50%, ReversingLabs
                                                                                                                                                                                    • Detection: 58%, Virustotal, Browse
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                    Start time:07:23:15
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 --field-trial-handle=2032,i,13373424599956482758,2622410995844212760,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                    Imagebase:0x7ff76e190000
                                                                                                                                                                                    File size:3'242'272 bytes
                                                                                                                                                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:15
                                                                                                                                                                                    Start time:07:23:19
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                                                                                                                                                                                    Imagebase:0x720000
                                                                                                                                                                                    File size:3'197'440 bytes
                                                                                                                                                                                    MD5 hash:8D6E0FA54DF379D380222A4051AB848C
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:20
                                                                                                                                                                                    Start time:07:23:19
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 1980
                                                                                                                                                                                    Imagebase:0xd50000
                                                                                                                                                                                    File size:483'680 bytes
                                                                                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:24
                                                                                                                                                                                    Start time:07:23:31
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 2004
                                                                                                                                                                                    Imagebase:0xd50000
                                                                                                                                                                                    File size:483'680 bytes
                                                                                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:25
                                                                                                                                                                                    Start time:07:23:31
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 1260
                                                                                                                                                                                    Imagebase:0xd50000
                                                                                                                                                                                    File size:483'680 bytes
                                                                                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:27
                                                                                                                                                                                    Start time:07:23:32
                                                                                                                                                                                    Start date:03/05/2024
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 1896
                                                                                                                                                                                    Imagebase:0xd50000
                                                                                                                                                                                    File size:483'680 bytes
                                                                                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                      Execution Coverage:23.6%
                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                      Signature Coverage:46.2%
                                                                                                                                                                                      Total number of Nodes:2000
                                                                                                                                                                                      Total number of Limit Nodes:58
API calls 50138->50139 50144 645300 50139->50144 50236 596290 43 API calls 50140->50236 50142 645346 50141->50142 50143 645360 50141->50143 50237 596290 43 API calls 50142->50237 50147 645385 50143->50147 50148 645368 50143->50148 50149 589280 46 API calls 50144->50149 50150 64538d 50147->50150 50151 6453ab 50147->50151 50166 645314 50148->50166 50238 596290 43 API calls 50148->50238 50149->50166 50239 5c12a7 53 API calls __fread_nolock 50150->50239 50156 645670 50151->50156 50157 6453cb 50151->50157 50151->50166 50154 582df0 std::_Throw_Cpp_error 43 API calls 50155 6458a1 50154->50155 50155->50122 50159 645678 50156->50159 50160 6456cb 50156->50160 50240 585400 88 API calls std::_Throw_Cpp_error 50157->50240 50227 59b430 50159->50227 50162 645726 50160->50162 50163 6456d3 50160->50163 50164 645781 50162->50164 50165 64572e 50162->50165 50167 59b430 56 API calls 50163->50167 50170 6457dc 50164->50170 50171 645789 50164->50171 50168 59b430 56 API calls 50165->50168 50166->50154 50167->50166 50168->50166 50169 645655 50172 5b2b9a RtlReleaseSRWLockExclusive 50169->50172 50175 6457e4 50170->50175 50176 645834 50170->50176 50174 59b430 56 API calls 50171->50174 50172->50166 50173 582cf0 std::_Throw_Cpp_error 43 API calls 50185 6453f0 50173->50185 50174->50166 50177 59b430 56 API calls 50175->50177 50176->50166 50245 5d8af0 53 API calls 2 library calls 50176->50245 50177->50166 50179 64584a 50180 5962c0 43 API calls 50179->50180 50182 645859 50180->50182 50181 59ace0 43 API calls 50181->50185 50183 582df0 std::_Throw_Cpp_error 43 API calls 50182->50183 50183->50166 50184 582df0 43 API calls std::_Throw_Cpp_error 50184->50185 50185->50169 50185->50173 50185->50181 50185->50184 50186 6454bb 50185->50186 50241 582d30 43 API calls std::_Throw_Cpp_error 50186->50241 50188 6454df 50242 653670 45 API calls 5 library calls 50188->50242 50190 6454f0 50191 582df0 std::_Throw_Cpp_error 43 API calls 50190->50191 50192 6454ff 50191->50192 50193 645562 GetCurrentProcess 50192->50193 
50196 645595 50192->50196 50194 5963b0 std::_Throw_Cpp_error 43 API calls 50193->50194 50195 64557e 50194->50195 50243 64c630 64 API calls 3 library calls 50195->50243 50198 5b9810 45 API calls 50196->50198 50201 6455f7 50198->50201 50199 64558d 50200 645629 50199->50200 50244 595230 43 API calls std::_Throw_Cpp_error 50200->50244 50201->50200 50203 5c1618 78 API calls 50201->50203 50205 645623 50203->50205 50204 645646 50207 5bd098 81 API calls 50205->50207 50207->50200 50478 5b360d 50208->50478 50212 5963b0 std::_Throw_Cpp_error 43 API calls 50211->50212 50214 5892d4 50212->50214 50213 582df0 std::_Throw_Cpp_error 43 API calls 50215 589482 50213->50215 50214->50213 50216 598dc0 43 API calls 50215->50216 50218 589523 std::locale::_Locimp::_Locimp 50215->50218 50216->50218 50217 5895f0 GetModuleHandleA GetProcAddress WSASend 50217->50218 50220 5896e2 std::ios_base::_Ios_base_dtor 50217->50220 50218->50217 50218->50220 50219 58975d std::ios_base::_Ios_base_dtor 50219->50122 50220->50219 50221 5b8c60 std::_Throw_Cpp_error 43 API calls 50220->50221 50222 58979c 50221->50222 50223 582df0 std::_Throw_Cpp_error 43 API calls 50222->50223 50224 5897d7 50223->50224 50225 582df0 std::_Throw_Cpp_error 43 API calls 50224->50225 50226 5897f0 50225->50226 50226->50122 50246 597ef0 50227->50246 50229 59b48d 50265 5a2100 50229->50265 50236->50166 50237->50166 50238->50166 50239->50166 50240->50185 50241->50188 50242->50190 50243->50199 50244->50204 50245->50179 50247 597f1d 50246->50247 50248 598034 50246->50248 50249 597fcb 50247->50249 50250 597f2b 50247->50250 50251 597f7c 50247->50251 50252 597f83 50247->50252 50253 597f24 50247->50253 50258 582cf0 std::_Throw_Cpp_error 43 API calls 50248->50258 50260 597f29 50248->50260 50249->50229 50257 5b3662 std::_Facet_Register 16 API calls 50250->50257 50335 59cf80 43 API calls 2 library calls 50251->50335 50255 5b3662 std::_Facet_Register 16 API calls 50252->50255 50334 59c3a0 16 API calls std::_Facet_Register 50253->50334 50255->50260 
50257->50260 50259 59804f 50258->50259 50336 587f90 43 API calls 2 library calls 50259->50336 50260->50229 50262 598062 50263 5b51eb std::_Throw_Cpp_error RaiseException 50262->50263 50264 598073 50263->50264 50266 5a215f 50265->50266 50337 5c132b 50266->50337 50334->50260 50335->50260 50336->50262 50356 5c9e32 GetLastError 50337->50356 50357 5c9e48 50356->50357 50358 5c9e4e 50356->50358 50387 5cb64e 6 API calls std::locale::_Setgloballocale 50357->50387 50362 5c9e52 SetLastError 50358->50362 50388 5cb68d 50358->50388 50366 5c9ee7 50362->50366 50367 5c1336 50362->50367 50394 5c41b6 50366->50394 50383 5ca11f 50367->50383 50384 5ca132 50383->50384 50386 5a225f 50383->50386 50384->50386 50387->50358 50389 5cb43b std::locale::_Setgloballocale 5 API calls 50388->50389 50390 5cb6a9 50389->50390 50391 5cb6c7 TlsSetValue 50390->50391 50392 5c9e6a 50390->50392 50392->50362 50409 5cf60e 50394->50409 50479 5b3649 GetSystemTimeAsFileTime 50478->50479 50480 5b363d GetSystemTimePreciseAsFileTime 50478->50480 50481 5b3067 50479->50481 50480->50481 50481->50122 50483 5c9f85 GetLastError 50484 5c9f9b 50483->50484 50485 5c9fa1 50483->50485 50506 5cb64e 6 API calls std::locale::_Setgloballocale 50484->50506 50487 5cb68d __dosmaperr 6 API calls 50485->50487 50504 5c9fa5 SetLastError 50485->50504 50488 5c9fbd 50487->50488 50490 5ca64c __dosmaperr 12 API calls 50488->50490 50488->50504 50491 5c9fd2 50490->50491 50492 5c9fda 50491->50492 50493 5c9feb 50491->50493 50494 5cb68d __dosmaperr 6 API calls 50492->50494 50495 5cb68d __dosmaperr 6 API calls 50493->50495 50496 5c9fe8 50494->50496 50497 5c9ff7 50495->50497 50502 5cb00c ___std_exception_destroy 12 API calls 50496->50502 50498 5c9ffb 50497->50498 50499 5ca012 50497->50499 50501 5cb68d __dosmaperr 6 API calls 50498->50501 50507 5c9c60 14 API calls __dosmaperr 50499->50507 50501->50496 50502->50504 50503 5ca01d 50505 5cb00c ___std_exception_destroy 12 API calls 50503->50505 50505->50504 50506->50485 50507->50503 50508 5ddc20 50509 
5ddc6d 50508->50509 50510 5ddd61 50508->50510 50512 59ab20 43 API calls 50509->50512 50511 59ab20 43 API calls 50510->50511 50513 5dddbd 50511->50513 50514 5ddcc9 50512->50514 50515 5963b0 std::_Throw_Cpp_error 43 API calls 50513->50515 50595 59b980 43 API calls 50514->50595 50517 5dddd8 50515->50517 50528 5ff730 50517->50528 50518 5ddd20 50596 6633a0 21 API calls 2 library calls 50518->50596 50522 5ddd40 50597 5988d0 50522->50597 50523 582df0 std::_Throw_Cpp_error 43 API calls 50525 5dddf7 50523->50525 50526 5ddd52 50527 582df0 std::_Throw_Cpp_error 43 API calls 50526->50527 50527->50510 50529 664050 89 API calls 50528->50529 50564 5ff78c __fread_nolock std::locale::_Locimp::_Locimp 50529->50564 50530 601f5c 50531 582df0 std::_Throw_Cpp_error 43 API calls 50530->50531 50532 5ddde5 50531->50532 50532->50523 50533 601fbd 50534 582cf0 std::_Throw_Cpp_error 43 API calls 50533->50534 50535 601fcd 50534->50535 50684 587b10 43 API calls 3 library calls 50535->50684 50537 601fe8 50540 5b51eb std::_Throw_Cpp_error RaiseException 50537->50540 50538 6020b8 50539 582cf0 std::_Throw_Cpp_error 43 API calls 50538->50539 50541 6020c8 50539->50541 50542 601ffc 50540->50542 50687 587b10 43 API calls 3 library calls 50541->50687 50544 5b8c60 std::_Throw_Cpp_error 43 API calls 50542->50544 50547 602001 50544->50547 50545 601f7e 50548 582cf0 std::_Throw_Cpp_error 43 API calls 50545->50548 50546 6020e3 50549 5b51eb std::_Throw_Cpp_error RaiseException 50546->50549 50685 582b50 RaiseException Concurrency::cancel_current_task std::_Throw_Cpp_error 50547->50685 50551 601f8e 50548->50551 50552 6020f7 50549->50552 50683 587b10 43 API calls 3 library calls 50551->50683 50553 602006 50686 583330 RaiseException 50553->50686 50556 601fa9 50557 5b51eb std::_Throw_Cpp_error RaiseException 50556->50557 50557->50533 50558 59b0e0 43 API calls 50558->50564 50559 60200b 50560 582cf0 std::_Throw_Cpp_error 43 API calls 50559->50560 50561 602023 50560->50561 50562 59ace0 43 API calls 50561->50562 50563 
602038 50562->50563 50565 587cf0 43 API calls 50563->50565 50564->50530 50564->50533 50564->50538 50564->50542 50564->50545 50564->50547 50564->50553 50564->50558 50564->50559 50566 602064 50564->50566 50573 59af80 43 API calls 50564->50573 50579 663880 46 API calls 50564->50579 50580 583040 43 API calls std::_Throw_Cpp_error 50564->50580 50581 6002b3 SHGetFolderPathA 50564->50581 50582 6005b5 SHGetFolderPathA 50564->50582 50583 6008b3 SHGetFolderPathA 50564->50583 50584 600c13 SHGetFolderPathA 50564->50584 50585 600f3b SHGetFolderPathA 50564->50585 50586 598b00 43 API calls 50564->50586 50587 582fe0 43 API calls std::_Throw_Cpp_error 50564->50587 50588 601245 SHGetFolderPathA 50564->50588 50589 5832d0 43 API calls std::_Throw_Cpp_error 50564->50589 50591 5985d0 79 API calls 50564->50591 50592 5b3662 16 API calls std::_Facet_Register 50564->50592 50593 5963b0 43 API calls std::_Throw_Cpp_error 50564->50593 50594 582df0 43 API calls std::_Throw_Cpp_error 50564->50594 50602 5c12a7 53 API calls __fread_nolock 50564->50602 50603 602100 50564->50603 50682 596130 43 API calls 2 library calls 50564->50682 50567 602050 50565->50567 50571 582cf0 std::_Throw_Cpp_error 43 API calls 50566->50571 50569 5b51eb std::_Throw_Cpp_error RaiseException 50567->50569 50569->50566 50572 602077 50571->50572 50574 59ace0 43 API calls 50572->50574 50573->50564 50575 60208c 50574->50575 50576 587cf0 43 API calls 50575->50576 50577 6020a4 50576->50577 50578 5b51eb std::_Throw_Cpp_error RaiseException 50577->50578 50578->50538 50579->50564 50580->50564 50581->50564 50582->50564 50583->50564 50584->50564 50585->50564 50586->50564 50587->50564 50588->50564 50589->50564 50591->50564 50592->50564 50593->50564 50594->50564 50595->50518 50596->50522 50598 598914 std::ios_base::_Ios_base_dtor 50597->50598 50599 5988f3 50597->50599 50598->50526 50599->50598 50600 5b8c60 std::_Throw_Cpp_error 43 API calls 50599->50600 50601 598947 50600->50601 50602->50564 50604 602161 50603->50604 50605 603884 
50603->50605 50606 664050 89 API calls 50604->50606 50608 6038fa 50604->50608 50717 5b39a3 RtlAcquireSRWLockExclusive RtlReleaseSRWLockExclusive SleepConditionVariableSRW 50605->50717 50611 602171 50606->50611 50718 582b50 RaiseException Concurrency::cancel_current_task std::_Throw_Cpp_error 50608->50718 50610 6038ff 50719 583330 RaiseException 50610->50719 50613 602558 50611->50613 50616 5963b0 std::_Throw_Cpp_error 43 API calls 50611->50616 50620 603799 50611->50620 50617 5963b0 std::_Throw_Cpp_error 43 API calls 50613->50617 50613->50620 50614 603904 50621 5b8c60 std::_Throw_Cpp_error 43 API calls 50614->50621 50615 603809 50625 603835 50615->50625 50626 60382c 50615->50626 50618 6021d0 50616->50618 50619 602578 50617->50619 50622 6433b0 47 API calls 50618->50622 50623 6433b0 47 API calls 50619->50623 50620->50615 50620->50620 50629 583040 std::_Throw_Cpp_error 43 API calls 50620->50629 50624 60390e 50621->50624 50647 6021e7 50622->50647 50681 60258f std::ios_base::_Ios_base_dtor __fread_nolock std::locale::_Locimp::_Locimp 50623->50681 50716 593340 43 API calls 2 library calls 50625->50716 50715 593340 43 API calls 2 library calls 50626->50715 50628 603787 50635 5985d0 79 API calls 50628->50635 50633 6037e7 50629->50633 50630 602546 50634 5985d0 79 API calls 50630->50634 50632 603831 50637 582df0 std::_Throw_Cpp_error 43 API calls 50632->50637 50636 663b20 96 API calls 50633->50636 50634->50613 50635->50620 50638 6037f7 50636->50638 50640 603848 50637->50640 50641 582df0 std::_Throw_Cpp_error 43 API calls 50638->50641 50639 5963b0 std::_Throw_Cpp_error 43 API calls 50639->50647 50643 582df0 std::_Throw_Cpp_error 43 API calls 50640->50643 50641->50615 50644 603854 50643->50644 50646 5985d0 79 API calls 50644->50646 50649 603860 50646->50649 50647->50630 50647->50639 50655 60226a 50647->50655 50688 595350 50647->50688 50711 603ac0 79 API calls std::_Throw_Cpp_error 50647->50711 50650 5832d0 43 API calls std::_Throw_Cpp_error 50650->50681 50653 5b3662 16 API calls 
std::_Facet_Register 50653->50681 50654 59ab20 43 API calls 50654->50655 50655->50654 50656 59ad80 43 API calls 50655->50656 50659 582df0 std::_Throw_Cpp_error 43 API calls 50655->50659 50656->50655 50657 5963b0 43 API calls std::_Throw_Cpp_error 50657->50681 50658 59e8a0 43 API calls 50658->50681 50660 602390 CreateDirectoryA 50659->50660 50661 59ab20 43 API calls 50660->50661 50667 602481 50661->50667 50662 5963b0 std::_Throw_Cpp_error 43 API calls 50662->50667 50663 59ad80 43 API calls 50663->50667 50664 595350 43 API calls 50664->50667 50665 595350 43 API calls 50665->50681 50667->50662 50667->50663 50667->50664 50669 602100 136 API calls 50667->50669 50668 59ad80 43 API calls 50668->50681 50669->50647 50670 6645d0 82 API calls 50670->50681 50671 602b52 CreateDirectoryA 50671->50681 50672 6036dc CopyFileA 50673 6036ff 50672->50673 50672->50681 50673->50681 50675 602e12 CoInitialize 50675->50681 50676 583040 43 API calls std::_Throw_Cpp_error 50676->50681 50677 5988d0 43 API calls 50677->50681 50678 60301e PathFindExtensionA 50678->50681 50679 582df0 43 API calls std::_Throw_Cpp_error 50679->50681 50680 598b00 43 API calls 50680->50681 50681->50608 50681->50610 50681->50614 50681->50628 50681->50650 50681->50653 50681->50657 50681->50658 50681->50665 50681->50668 50681->50670 50681->50671 50681->50672 50681->50675 50681->50676 50681->50677 50681->50678 50681->50679 50681->50680 50712 603ac0 79 API calls std::_Throw_Cpp_error 50681->50712 50713 603910 107 API calls std::_Throw_Cpp_error 50681->50713 50714 6506d0 45 API calls 50681->50714 50682->50564 50683->50556 50684->50537 50685->50553 50687->50546 50689 5953a0 50688->50689 50707 595439 50688->50707 50690 595469 50689->50690 50691 5953ab 50689->50691 50727 583330 RaiseException 50690->50727 50693 5953b9 50691->50693 50694 5953e2 50691->50694 50695 59546e 50693->50695 50697 5953c4 50693->50697 50696 5953d7 50694->50696 50700 5b3662 std::_Facet_Register 16 API calls 50694->50700 50728 582b50 RaiseException 
Concurrency::cancel_current_task std::_Throw_Cpp_error 50695->50728 50705 5963b0 std::_Throw_Cpp_error 43 API calls 50696->50705 50696->50707 50698 5b3662 std::_Facet_Register 16 API calls 50697->50698 50701 5953ca 50698->50701 50700->50696 50701->50696 50702 595473 50701->50702 50705->50696 50707->50647 50711->50647 50712->50681 50713->50681 50714->50681 50715->50632 50716->50632 50717->50604 50718->50610 50728->50702 50730 5df280 50731 5df2cd 50730->50731 50735 5df2ec 50730->50735 50732 5963b0 std::_Throw_Cpp_error 43 API calls 50731->50732 50733 5df2df 50732->50733 50736 611a60 50733->50736 50737 5b59a0 __fread_nolock 50736->50737 50738 611ab5 SHGetFolderPathA 50737->50738 50739 611c20 50738->50739 50739->50739 50740 583040 std::_Throw_Cpp_error 43 API calls 50739->50740 50741 611c3c 50740->50741 50742 59fbf0 43 API calls 50741->50742 50745 611c6d std::ios_base::_Ios_base_dtor 50742->50745 50743 664050 89 API calls 50751 611d2d 50743->50751 50744 613299 50746 5b8c60 std::_Throw_Cpp_error 43 API calls 50744->50746 50745->50743 50745->50744 50748 61329e 50746->50748 50747 613262 50749 582df0 std::_Throw_Cpp_error 43 API calls 50747->50749 50754 597ef0 43 API calls 50748->50754 50750 613277 50749->50750 50752 582df0 std::_Throw_Cpp_error 43 API calls 50750->50752 50751->50747 50751->50748 50755 59e8a0 43 API calls 50751->50755 50753 613286 50752->50753 50753->50735 50756 6132fd 50754->50756 50757 611e13 50755->50757 50871 5940c0 50756->50871 50758 664050 89 API calls 50757->50758 50760 611e34 50758->50760 50762 61324d 50760->50762 50766 59ab20 43 API calls 50760->50766 50767 582df0 std::_Throw_Cpp_error 43 API calls 50762->50767 50763 6133dc 50764 6133f7 50763->50764 50765 613e1d 50763->50765 50770 583040 std::_Throw_Cpp_error 43 API calls 50764->50770 50772 582cf0 std::_Throw_Cpp_error 43 API calls 50765->50772 50769 611f64 50766->50769 50767->50747 50768 597ef0 43 API calls 50768->50763 50771 5b9810 45 API calls 50769->50771 50774 611f80 50771->50774 50777 582df0 
std::_Throw_Cpp_error 43 API calls 50774->50777 50779 611f94 50777->50779 50781 611f9e 50779->50781 50782 611f98 50779->50782 50875 5940ff 50871->50875 50872 5b3662 std::_Facet_Register 16 API calls 50873 59412e 50872->50873 50876 5941ac 50873->50876 50892 5abf20 43 API calls 3 library calls 50873->50892 50875->50872 50876->50763 50876->50768 50878 594171 50878->50876 50893 599860 43 API calls 50878->50893 50892->50878 50893->50878 50895 5df560 50896 5df5b4 50895->50896 50897 5e011c 50895->50897 50898 59ab20 43 API calls 50896->50898 50899 59ab20 43 API calls 50897->50899 50900 5df696 50898->50900 50901 5e01fe 50899->50901 50902 664050 89 API calls 50900->50902 50903 664050 89 API calls 50901->50903 50904 5df6bc 50902->50904 50905 5e0224 50903->50905 50906 663fc0 88 API calls 50904->50906 50911 5df6df 50904->50911 50907 663fc0 88 API calls 50905->50907 50909 5e0247 50905->50909 50906->50911 50907->50909 50908 5e1920 50913 5e193b 50908->50913 50919 663b20 96 API calls 50908->50919 50909->50908 50909->50913 50914 59b260 43 API calls 50909->50914 50910 5e010a 50916 582df0 std::_Throw_Cpp_error 43 API calls 50910->50916 50911->50910 50912 5e00ef 50911->50912 50915 59b260 43 API calls 50911->50915 50912->50910 50920 663b20 96 API calls 50912->50920 50917 582df0 std::_Throw_Cpp_error 43 API calls 50913->50917 50962 5e0277 std::ios_base::_Ios_base_dtor 50914->50962 50959 5df70f 50915->50959 50916->50897 50918 5e194d 50917->50918 50919->50913 50920->50910 50921 5e00e0 51057 588ab0 43 API calls std::ios_base::_Ios_base_dtor 50921->51057 50922 5e1911 51060 588ab0 43 API calls std::ios_base::_Ios_base_dtor 50922->51060 50925 5930f0 43 API calls 50925->50959 50926 59b260 43 API calls 50926->50959 50927 59b260 43 API calls 50927->50962 50930 59ac50 43 API calls 50930->50959 50931 5963b0 43 API calls std::_Throw_Cpp_error 50931->50959 50932 5963b0 43 API calls std::_Throw_Cpp_error 50932->50962 50933 59ac50 43 API calls 50933->50962 50936 664050 89 API calls 50936->50959 50937 
664050 89 API calls 50937->50962 50938 5b9810 45 API calls 50938->50959 50939 5b9810 45 API calls 50939->50962 50940 663fc0 88 API calls 50940->50959 50941 663fc0 88 API calls 50941->50962 50942 59ae20 43 API calls 50942->50959 50943 59ae20 43 API calls 50943->50962 50944 59abb0 43 API calls 50944->50959 50945 59abb0 43 API calls 50945->50962 50946 5930f0 43 API calls 50946->50962 50947 596240 43 API calls 50947->50959 50948 596240 43 API calls 50948->50962 50949 582df0 43 API calls std::_Throw_Cpp_error 50949->50959 50950 593200 43 API calls 50950->50962 50951 5bd098 81 API calls 50951->50962 50952 593200 43 API calls 50952->50959 50953 5bd098 81 API calls 50953->50959 50954 582cf0 43 API calls std::_Throw_Cpp_error 50954->50959 50955 582cf0 43 API calls std::_Throw_Cpp_error 50955->50962 50956 59af80 43 API calls 50956->50959 50958 583350 81 API calls 50958->50959 50959->50921 50959->50925 50959->50926 50959->50930 50959->50931 50959->50936 50959->50938 50959->50940 50959->50942 50959->50944 50959->50947 50959->50949 50959->50952 50959->50953 50959->50954 50959->50956 50959->50958 51053 596210 43 API calls std::_Throw_Cpp_error 50959->51053 51054 59b400 43 API calls 50959->51054 51055 59bae0 43 API calls std::_Throw_Cpp_error 50959->51055 51056 588ab0 43 API calls std::ios_base::_Ios_base_dtor 50959->51056 50961 59b400 43 API calls 50961->50962 50962->50922 50962->50927 50962->50932 50962->50933 50962->50937 50962->50939 50962->50941 50962->50943 50962->50945 50962->50946 50962->50948 50962->50950 50962->50951 50962->50955 50962->50961 50963 59af80 43 API calls 50962->50963 50965 583040 std::_Throw_Cpp_error 43 API calls 50962->50965 50966 59ace0 43 API calls 50962->50966 50967 5962c0 43 API calls 50962->50967 50968 5e1c24 50962->50968 50976 583350 81 API calls 50962->50976 50977 596260 43 API calls 50962->50977 50989 582df0 43 API calls std::_Throw_Cpp_error 50962->50989 51042 5a19a0 50962->51042 51058 596210 43 API calls std::_Throw_Cpp_error 50962->51058 51059 
588ab0 43 API calls std::ios_base::_Ios_base_dtor 50962->51059 50963->50962 50965->50962 50966->50962 50967->50962 50969 5b8c60 std::_Throw_Cpp_error 43 API calls 50968->50969 50970 5e1c29 50969->50970 50971 59ab20 43 API calls 50970->50971 50972 5e1d54 50971->50972 50973 664050 89 API calls 50972->50973 50974 5e1d7a 50973->50974 50975 663fc0 88 API calls 50974->50975 50978 5e1d9d 50974->50978 50975->50978 50976->50962 50977->50962 50979 5e27bf 50978->50979 50980 59b260 43 API calls 50978->50980 50982 5e27de 50978->50982 50981 663b20 96 API calls 50979->50981 50979->50982 51037 5e1dcd 50980->51037 50981->50982 50984 59ab20 43 API calls 50982->50984 50983 5e27b0 51063 588ab0 43 API calls std::ios_base::_Ios_base_dtor 50983->51063 50985 5e28c3 50984->50985 50987 664050 89 API calls 50985->50987 50988 5e28e9 50987->50988 50990 663fc0 88 API calls 50988->50990 50992 5e290c 50988->50992 50989->50962 50990->50992 50991 5e3349 50992->50991 50993 5e332e 50992->50993 50994 59b260 43 API calls 50992->50994 50993->50991 50996 663b20 96 API calls 50993->50996 50996->50991 51001 593200 43 API calls 51001->51037 51003 59b260 43 API calls 51003->51037 51005 5963b0 43 API calls std::_Throw_Cpp_error 51005->51037 51009 59ac50 43 API calls 51009->51037 51011 596240 43 API calls 51011->51037 51012 664050 89 API calls 51012->51037 51015 5b9810 45 API calls 51015->51037 51016 663fc0 88 API calls 51016->51037 51017 59ae20 43 API calls 51017->51037 51018 59abb0 43 API calls 51018->51037 51022 5930f0 43 API calls 51022->51037 51025 5bd098 81 API calls 51025->51037 51027 582df0 43 API calls std::_Throw_Cpp_error 51027->51037 51029 582cf0 43 API calls std::_Throw_Cpp_error 51029->51037 51033 59af80 43 API calls 51033->51037 51034 59b400 43 API calls 51034->51037 51036 583350 81 API calls 51036->51037 51037->50983 51037->51001 51037->51003 51037->51005 51037->51009 51037->51011 51037->51012 51037->51015 51037->51016 51037->51017 51037->51018 51037->51022 51037->51025 51037->51027 
51037->51029 51037->51033 51037->51034 51037->51036 51061 596210 43 API calls std::_Throw_Cpp_error 51037->51061 51062 588ab0 43 API calls std::ios_base::_Ios_base_dtor 51037->51062 51043 5a19d0 51042->51043 51044 5a19f5 51042->51044 51043->50962 51045 582cf0 std::_Throw_Cpp_error 43 API calls 51044->51045 51046 5a1a03 51045->51046 51047 59ace0 43 API calls 51046->51047 51048 5a1a18 51047->51048 51049 587cf0 43 API calls 51048->51049 51050 5a1a2d 51049->51050 51051 5b51eb std::_Throw_Cpp_error RaiseException 51050->51051 51052 5a1a3e 51051->51052 51053->50959 51054->50959 51055->50959 51056->50959 51057->50912 51058->50962 51059->50962 51060->50908 51061->51037 51062->51037 51063->50979 51067 5ea8a0 51294 5ea8da 51067->51294 51068 5f6644 51069 5ea901 51070 5963b0 std::_Throw_Cpp_error 43 API calls 51069->51070 51071 5963b0 std::_Throw_Cpp_error 43 API calls 51069->51071 51070->51069 51072 5ea95c 51071->51072 51073 5ea9e4 51072->51073 51075 5ea9fe 51073->51075 51074 583040 std::_Throw_Cpp_error 43 API calls 51074->51075 51075->51074 51076 583040 std::_Throw_Cpp_error 43 API calls 51075->51076 51077 5eab79 51076->51077 51079 5eaba2 51077->51079 52204 5f4d4b 51077->52204 52205 627d20 51077->52205 51081 5eabb4 51079->51081 51080 5f4d59 51082 5f4d7b 51080->51082 51083 5eabd6 51081->51083 51084 5963b0 std::_Throw_Cpp_error 43 API calls 51082->51084 51085 5963b0 std::_Throw_Cpp_error 43 API calls 51083->51085 51086 5f4d8a 51084->51086 51087 5eabde 51085->51087 51096 5f4da7 51086->51096 51088 5eabf8 51087->51088 51089 5eabff 51088->51089 51090 5963b0 std::_Throw_Cpp_error 43 API calls 51089->51090 51092 5eac07 51090->51092 51091 5963b0 std::_Throw_Cpp_error 43 API calls 51091->51096 51093 582cf0 std::_Throw_Cpp_error 43 API calls 51092->51093 51095 5eac81 51093->51095 51094 582cf0 std::_Throw_Cpp_error 43 API calls 51094->51096 51098 582cf0 std::_Throw_Cpp_error 43 API calls 51095->51098 51096->51091 51096->51094 51102 5f4faa 51096->51102 51097 582cf0 std::_Throw_Cpp_error 
43 API calls 51097->51102 51099 5eadab 51098->51099 51101 627d20 225 API calls 51099->51101 51100 627d20 225 API calls 51100->51102 51103 5eadc4 51101->51103 51102->51097 51102->51100 51104 5f4fdc 51102->51104 51105 5eadd9 51103->51105 51106 5f4ffe 51104->51106 51109 5963b0 std::_Throw_Cpp_error 43 API calls 51106->51109 51111 5f500d 51109->51111 51120 5f502a 51111->51120 51114 5963b0 std::_Throw_Cpp_error 43 API calls 51114->51120 51118 582cf0 std::_Throw_Cpp_error 43 API calls 51118->51120 51120->51114 51120->51118 51127 5f522d 51120->51127 51122 582cf0 std::_Throw_Cpp_error 43 API calls 51122->51127 51125 627d20 225 API calls 51125->51127 51127->51122 51127->51125 51128 5f525f 51127->51128 51129 5f5281 51128->51129 51133 5963b0 std::_Throw_Cpp_error 43 API calls 51129->51133 51289 582cf0 std::_Throw_Cpp_error 43 API calls 51289->51294 51292 627d20 225 API calls 51292->51294 51294->51068 51294->51069 51294->51289 51294->51292 52204->51080 52206 5b59a0 __fread_nolock 52205->52206 52207 627d7b SHGetFolderPathA 52206->52207 53234 59ac50 52207->53234 52209 627daf 52210 628f5a 52209->52210 52211 627dcd 52209->52211 52213 5952b0 43 API calls 52210->52213 52212 5963b0 std::_Throw_Cpp_error 43 API calls 52211->52212 52214 627dde 52212->52214 52215 628fa6 52213->52215 52216 6433b0 47 API calls 52214->52216 52217 582df0 std::_Throw_Cpp_error 43 API calls 52215->52217 52219 627df4 52216->52219 52218 628f58 52217->52218 52226 629000 52218->52226 52406 629025 std::ios_base::_Ios_base_dtor std::locale::_Locimp::_Locimp 52218->52406 53460 5a42a0 43 API calls 52218->53460 52220 627e14 52219->52220 52401 627e81 std::locale::_Locimp::_Locimp 52219->52401 52222 5985d0 79 API calls 52220->52222 52221 627e23 52222->52221 52228 582df0 std::_Throw_Cpp_error 43 API calls 52226->52228 52228->52406 52231 62aebb 52233 59e8a0 43 API calls 52233->52401 52238 59e710 43 API calls 52238->52406 52249 598f00 43 API calls std::_Throw_Cpp_error 52249->52401 52252 62aeb6 52262 59e8a0 43 API calls 
APIs
• SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00627D97
  • Part of subcall function 006433B0: FindFirstFileA.KERNELBASE(00000000,?,00000000), ref: 006434EF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
Similarity
• API ID: FileFindFirstFolderPath
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 0061CD44
                                                                                                                                                                                      • GetPrivateProfileSectionNamesA.KERNEL32(?,00001000,?), ref: 0061CE42
                                                                                                                                                                                      • GetPrivateProfileStringA.KERNEL32(?,?,00000000,?,00000104,?), ref: 0061D035
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 0061F796
                                                                                                                                                                                        • Part of subcall function 00664050: GetFileAttributesA.KERNELBASE(?,?,00000006,00000005,00000005), ref: 006640AC
                                                                                                                                                                                        • Part of subcall function 00664050: GetLastError.KERNEL32(?,?,00000006,00000005,00000005), ref: 006640B7
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 0061FA7D
                                                                                                                                                                                      • lstrlen.KERNEL32(?), ref: 00620FAE
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateDirectoryPrivateProfile$AttributesErrorFileFolderLastNamesPathSectionStringlstrlen
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FindFirstFileA.KERNEL32(00000000,?), ref: 0065D4BB
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(00000000,00000000,0000002E,0000002F,?,?,?,?,006E2B0C,00000001,0000002E,0000002F,?,006D83D1,3"Y,006D83D1), ref: 0065D78B
                                                                                                                                                                                      • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 0065D906
                                                                                                                                                                                      • FindNextFileA.KERNEL32(00000000,?), ref: 0065D91C
                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 0065D92C
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0065D932
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0065D950
                                                                                                                                                                                        • Part of subcall function 00664590: GetCurrentProcess.KERNEL32(0065DCB0), ref: 0066459F
                                                                                                                                                                                        • Part of subcall function 00664590: IsWow64Process.KERNEL32(00000000), ref: 006645A6
                                                                                                                                                                                        • Part of subcall function 005C195B: GetSystemTimeAsFileTime.KERNEL32(0065DE28,00000000,00000000,?,?,?,0065DE28,00000000), ref: 005C1970
                                                                                                                                                                                        • Part of subcall function 005C195B: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 005C198F
                                                                                                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,?,00000000,?,?,?,?), ref: 0065E0E1
                                                                                                                                                                                      • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,?), ref: 0065E1AD
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0065E1E2
                                                                                                                                                                                      • GetCurrentHwProfileA.ADVAPI32(?), ref: 0065E37A
                                                                                                                                                                                      • GetModuleHandleExA.KERNEL32(00000004,00663370,?,?,?,?,?,?,?,?,00000000), ref: 0065E87B
                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00000000), ref: 0065E893
                                                                                                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,?,00000000,?,?), ref: 0065F246
                                                                                                                                                                                      • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,?), ref: 0065F312
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0065F591
                                                                                                                                                                                      • GetComputerNameA.KERNEL32(?,?), ref: 0065F5C5
                                                                                                                                                                                      • GetUserNameA.ADVAPI32(?,?), ref: 0065F763
                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 0065F806
                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 0065F814
                                                                                                                                                                                      • GetUserDefaultLocaleName.KERNEL32(?,00000200), ref: 0065F97F
                                                                                                                                                                                      • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 0065FE45
                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040), ref: 0065FE57
                                                                                                                                                                                      • GetKeyboardLayoutList.USER32(?,00000000), ref: 0065FE72
                                                                                                                                                                                      • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0065FE9D
                                                                                                                                                                                      • LocalFree.KERNEL32(?), ref: 00660060
                                                                                                                                                                                      • GetLocalTime.KERNEL32(?), ref: 00660077
                                                                                                                                                                                      • GetSystemTime.KERNEL32(?), ref: 0066028D
                                                                                                                                                                                      • GetTimeZoneInformation.KERNELBASE(?), ref: 006602B0
                                                                                                                                                                                      • TzSpecificLocalTimeToSystemTime.KERNELBASE(?,?,?), ref: 006602D5
                                                                                                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,?,00000000,00020019,?), ref: 006606EF
                                                                                                                                                                                      • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,?), ref: 00660841
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 006608F2
                                                                                                                                                                                      • GetSystemInfo.KERNELBASE(?), ref: 0066091A
                                                                                                                                                                                      • GlobalMemoryStatusEx.KERNELBASE(?), ref: 006609CD
                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00661003
                                                                                                                                                                                      • Process32First.KERNEL32(00000000,?), ref: 0066101B
                                                                                                                                                                                      • Process32Next.KERNEL32(00000000,?), ref: 00661031
                                                                                                                                                                                      • Process32Next.KERNEL32(00000000,?), ref: 00661103
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00661112
                                                                                                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,?,00000000,00020019,?), ref: 00661486
                                                                                                                                                                                      • RegEnumKeyExA.KERNELBASE(?,00000000,?,?), ref: 006614BD
                                                                                                                                                                                      • wsprintfA.USER32 ref: 006615A0
                                                                                                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,?,00000000,00020019,?), ref: 006615C3
                                                                                                                                                                                      • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400), ref: 006616C2
                                                                                                                                                                                      • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400), ref: 006617B9
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00661895
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 006618B0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseTime$FileOpenQueryValue$LocalNameSystem$FindNextProcess32$CreateCurrentErrorFirstHandleInfoKeyboardLastLayoutListLocaleModuleProcessUserWindow$AllocComputerCopyDefaultDesktopDirectoryEnumFreeGlobalInformationMemoryProfileRectSnapshotSpecificStatusToolhelp32Unothrow_t@std@@@Wow64Zone__ehfuncinfo$??2@wsprintf
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0058BA08
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0058BAD2
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,00000000,00000000), ref: 0058BF80
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,00000000,00000000), ref: 0058C47A
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0058C575
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,00000000,00000000), ref: 0058C969
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,00000000,00000000), ref: 0058CD72
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,00000000,00000000), ref: 0058D17B
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0058D29A
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0058D6F8
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,00000000,00000000), ref: 0058D9DC
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0058DAD7
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,00000000,00000000), ref: 0058DE41
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,?,00000000), ref: 0058E55A
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,00000000,00000000), ref: 0058ECF6
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0058EEEA
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0058F45B
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0058F525
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 005901ED
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00590580
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0059088D
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,00000000,00000000), ref: 00590DC4
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,?,00000000), ref: 0059173C
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 00591904
                                                                                                                                                                                      • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 00591CD7
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 00591E6E
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 00591FBE
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00590B14
                                                                                                                                                                                        • Part of subcall function 0065D2B0: CreateDirectoryA.KERNEL32(00000000,00000000,0000002E,0000002F,?,?,?,?,006E2B0C,00000001,0000002E,0000002F,?,006D83D1,3"Y,006D83D1), ref: 0065D78B
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 00590F12
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0058FEF1
                                                                                                                                                                                        • Part of subcall function 00663B20: GetLastError.KERNEL32 ref: 00663ED0
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0058FC55
                                                                                                                                                                                        • Part of subcall function 0065D2B0: FindFirstFileA.KERNEL32(00000000,?), ref: 0065D4BB
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0058F933
                                                                                                                                                                                        • Part of subcall function 00663B20: SetFileAttributesA.KERNEL32(?,00000080,?,?,007064F8,?,?), ref: 00663E3A
                                                                                                                                                                                        • Part of subcall function 00663B20: DeleteFileA.KERNEL32(?), ref: 00663E54
                                                                                                                                                                                        • Part of subcall function 00663B20: RemoveDirectoryA.KERNELBASE(?), ref: 00663EBB
                                                                                                                                                                                        • Part of subcall function 00663B20: std::_Throw_Cpp_error.LIBCPMT ref: 00663F97
                                                                                                                                                                                        • Part of subcall function 00663B20: std::_Throw_Cpp_error.LIBCPMT ref: 00663FA8
                                                                                                                                                                                        • Part of subcall function 00664050: std::_Throw_Cpp_error.LIBCPMT ref: 006640FF
                                                                                                                                                                                        • Part of subcall function 00664050: std::_Throw_Cpp_error.LIBCPMT ref: 00664110
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0058E6FA
                                                                                                                                                                                        • Part of subcall function 006433B0: FindFirstFileA.KERNELBASE(00000000,?,00000000), ref: 006434EF
                                                                                                                                                                                        • Part of subcall function 005A9070: ___std_fs_convert_narrow_to_wide@20.LIBCPMT ref: 005A910D
                                                                                                                                                                                        • Part of subcall function 005A9070: ___std_fs_convert_narrow_to_wide@20.LIBCPMT ref: 005A9155
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0058DF3C
                                                                                                                                                                                        • Part of subcall function 00663B20: FindNextFileA.KERNELBASE(?,00000010), ref: 00663E68
                                                                                                                                                                                        • Part of subcall function 00663B20: FindClose.KERNEL32(?), ref: 00663E7A
                                                                                                                                                                                        • Part of subcall function 00663B20: GetLastError.KERNEL32 ref: 00663E80
                                                                                                                                                                                        • Part of subcall function 00663B20: SetFileAttributesA.KERNELBASE(?,00000080), ref: 00663E9D
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,00000000,00000000), ref: 0058D5FD
                                                                                                                                                                                        • Part of subcall function 00663B20: FindFirstFileA.KERNELBASE(00000000,?,007064F8,?,?,?,\*.*,00000004), ref: 00663C95
                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 0058BB07
                                                                                                                                                                                        • Part of subcall function 00664050: GetFileAttributesA.KERNELBASE(?,?,00000006,00000005,00000005), ref: 006640AC
                                                                                                                                                                                        • Part of subcall function 00664050: GetLastError.KERNEL32(?,?,00000006,00000005,00000005), ref: 006640B7
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0058BD08
                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 0058BD37
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0058C0CC
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0058C196
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Directory$Create$File$Copy$Find$Cpp_errorThrow_std::_$AttributesErrorFirstLast$FolderPath___std_fs_convert_narrow_to_wide@20$CloseDeleteNextRemove
                                                                                                                                                                                      • String ID: .eN$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$<`L
                                                                                                                                                                                      • API String ID: 1172780710-464024716
                                                                                                                                                                                      • Opcode ID: 72161b76f1b7c0519de6505ec3708586e4a0807f4090364b843370886433543f
                                                                                                                                                                                      • Instruction ID: 80083db2b6f921f799843b54d5f0f24ac98491387d45c51573a8f95ffd2836a4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 72161b76f1b7c0519de6505ec3708586e4a0807f4090364b843370886433543f
                                                                                                                                                                                      • Instruction Fuzzy Hash: E5F3DEB4D052998FDF25CF98C991AEEBBB1BF48300F104199E849B7341DB346A85CF66
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00664050: GetFileAttributesA.KERNELBASE(?,?,00000006,00000005,00000005), ref: 006640AC
                                                                                                                                                                                        • Part of subcall function 00664050: GetLastError.KERNEL32(?,?,00000006,00000005,00000005), ref: 006640B7
                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,00000000,00000000,00000000,?), ref: 006002CB
                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?,?,?,?,?,?,?,?), ref: 006005C7
                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,00000028,00000000,00000000,?), ref: 006008C5
                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00600C25
                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00600F53
                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,00000008,00000000,00000000,?), ref: 00601257
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00602001
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FolderPath$AttributesConcurrency::cancel_current_taskErrorFileLast
                                                                                                                                                                                      • String ID: 4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$P!T$Q086$X0 $`<vT$`<vT$cannot compare iterators of different containers$cannot get value$type must be boolean, but is $type must be string, but is
                                                                                                                                                                                      • API String ID: 1974481932-3377599526
                                                                                                                                                                                      • Opcode ID: 3d5b54080cac3e088c81dc463ab04708ac1dbafcb9719237c8613a17e4e5f433
                                                                                                                                                                                      • Instruction ID: f5770b06accf226b86d4b7ce063d33fee86a703afbe88ce7aef7590a9d04db71
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d5b54080cac3e088c81dc463ab04708ac1dbafcb9719237c8613a17e4e5f433
                                                                                                                                                                                      • Instruction Fuzzy Hash: FF43F1B4D052698BDB25CF24C894BEEBBB5BF49304F1082D9E849A7281DB316F85CF51
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00616324
                                                                                                                                                                                      • GetPrivateProfileSectionNamesA.KERNEL32(?,00001000,?), ref: 00616422
                                                                                                                                                                                      • GetPrivateProfileStringA.KERNEL32(?,?,00000000,?,00000104,?), ref: 00616618
                                                                                                                                                                                      • lstrlen.KERNEL32(?), ref: 00618931
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: PrivateProfile$FolderNamesPathSectionStringlstrlen
                                                                                                                                                                                      • String ID: #iR@$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$HWg$K@z$MXg$UYw$X[y$_Ys$cannot use operator[] with a string argument with $cannot use push_back() with $g[}$k@z$nI?/$x<
                                                                                                                                                                                      • API String ID: 1311570089-1367517158
                                                                                                                                                                                      • Opcode ID: 0d82be3a0585a6ba21878471336d0ce559e948ce5ca3cc5ba117c6da7033679e
                                                                                                                                                                                      • Instruction ID: 4fb4c059bc76277563b802165290e5da9a3163b4165eb38ed27c0b35737bc05a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d82be3a0585a6ba21878471336d0ce559e948ce5ca3cc5ba117c6da7033679e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B4311B0D052A98FDB25CF28C894BEEBBB1BF49304F1481D9E449A7242DB316B85CF55
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00611AC7
                                                                                                                                                                                        • Part of subcall function 00664050: GetFileAttributesA.KERNELBASE(?,?,00000006,00000005,00000005), ref: 006640AC
                                                                                                                                                                                        • Part of subcall function 00664050: GetLastError.KERNEL32(?,?,00000006,00000005,00000005), ref: 006640B7
                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,?), ref: 0061207F
                                                                                                                                                                                      • FindNextFileA.KERNEL32(00000000,?), ref: 0061248C
                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 0061249C
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 00612573
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 00612639
                                                                                                                                                                                      • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 006127BD
                                                                                                                                                                                        • Part of subcall function 00664050: std::_Throw_Cpp_error.LIBCPMT ref: 006640FF
                                                                                                                                                                                        • Part of subcall function 00664050: std::_Throw_Cpp_error.LIBCPMT ref: 00664110
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 00612964
                                                                                                                                                                                      • CopyFileA.KERNEL32(00000000,?,00000000), ref: 00612C18
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,00000000,00000000), ref: 00613158
                                                                                                                                                                                      • CredEnumerateA.ADVAPI32(00000000,00000001,?,?,?,?,?,?,?), ref: 0061351D
                                                                                                                                                                                        • Part of subcall function 005B51EB: RaiseException.KERNEL32(E06D7363,00000001,00000003,0059ABA8,?,?,?,005B1CF9,0059ABA8,006F69D8,00000000,0059ABA8), ref: 005B524B
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$CopyCreateDirectoryFind$Cpp_errorThrow_std::_$AttributesCloseCredEnumerateErrorExceptionFirstFolderLastNextPathRaise
                                                                                                                                                                                      • String ID: 4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$KGa$WS{$WS{$cannot use operator[] with a string argument with $gUb$gUb
                                                                                                                                                                                      • API String ID: 2195218309-977541193
                                                                                                                                                                                      • Opcode ID: 2b2067fc32167323a146f678440e724d9124b7f8e1a82a57374668589bee6e37
                                                                                                                                                                                      • Instruction ID: 6a2795993949ad8cd3d0df85cabd1456da09c6966685320fa05597747bc7d70f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b2067fc32167323a146f678440e724d9124b7f8e1a82a57374668589bee6e37
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A33ECB4D052A98BDB25CF68C994BEDBBB1BF48300F1481DAE849A7341DB306B85CF55
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00618C78
                                                                                                                                                                                      • GetPrivateProfileSectionNamesA.KERNEL32(?,00001000,?), ref: 00618D85
                                                                                                                                                                                      • GetPrivateProfileStringA.KERNEL32(?,?,00000000,?,00000104,?), ref: 00618F78
                                                                                                                                                                                      • lstrlen.KERNEL32(?), ref: 0061AD4D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: PrivateProfile$FolderNamesPathSectionStringlstrlen
                                                                                                                                                                                      • String ID: #iR@$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$9lX$Gr}$K@z$]Xw$]Xw$_C|$cannot use operator[] with a string argument with $cannot use push_back() with $k@z$x<
                                                                                                                                                                                      • API String ID: 1311570089-653804416
                                                                                                                                                                                      • Opcode ID: 4657777a86a8c0f48528722f8c33926ab4cc40e7bd1e56838aa62ca66e049ddc
                                                                                                                                                                                      • Instruction ID: 0eb9c2e5e389fc51b63ca9f35ebc25393bfe469b4053c76caa44a45b6e2bcffa
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4657777a86a8c0f48528722f8c33926ab4cc40e7bd1e56838aa62ca66e049ddc
                                                                                                                                                                                      • Instruction Fuzzy Hash: 79231FB0D052698BDB25CF68C894BEDBBB1BF49304F1482D9E849A7281DB306BC5CF55
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,006D80C7,000000FF), ref: 00654A1C
                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00654A43
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 00654D09
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 0065506B
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 006561A7
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00656D42
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 006576CE
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,00000000,00000000), ref: 0065779F
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 00657AC2
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 00657E2D
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,00000000,00000000), ref: 00657EFE
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 006581E9
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,?,?), ref: 00658479
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 0065862C
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 00658906
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 00658CEC
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?), ref: 006590A1
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 00659254
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 0065952E
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 00659914
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 00657363
                                                                                                                                                                                        • Part of subcall function 0065D2B0: CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 0065D906
                                                                                                                                                                                        • Part of subcall function 0065D2B0: GetLastError.KERNEL32 ref: 0065D950
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 00659D4C
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,00000000,00000000), ref: 00659EA3
                                                                                                                                                                                        • Part of subcall function 0065B7E0: SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 0065B84D
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 00657003
                                                                                                                                                                                        • Part of subcall function 00663B20: SetFileAttributesA.KERNEL32(?,00000080,?,?,007064F8,?,?), ref: 00663E3A
                                                                                                                                                                                        • Part of subcall function 00663B20: DeleteFileA.KERNEL32(?), ref: 00663E54
                                                                                                                                                                                        • Part of subcall function 00663B20: RemoveDirectoryA.KERNELBASE(?), ref: 00663EBB
                                                                                                                                                                                        • Part of subcall function 00663B20: std::_Throw_Cpp_error.LIBCPMT ref: 00663F97
                                                                                                                                                                                        • Part of subcall function 00663B20: std::_Throw_Cpp_error.LIBCPMT ref: 00663FA8
                                                                                                                                                                                        • Part of subcall function 00663B20: GetLastError.KERNEL32 ref: 00663ED0
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?), ref: 006569F8
                                                                                                                                                                                        • Part of subcall function 0065D2B0: FindNextFileA.KERNEL32(00000000,?), ref: 0065D91C
                                                                                                                                                                                        • Part of subcall function 0065D2B0: FindClose.KERNEL32(00000000), ref: 0065D92C
                                                                                                                                                                                        • Part of subcall function 0065D2B0: GetLastError.KERNEL32 ref: 0065D932
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0065658D
                                                                                                                                                                                        • Part of subcall function 00663B20: FindNextFileA.KERNELBASE(?,00000010), ref: 00663E68
                                                                                                                                                                                        • Part of subcall function 00663B20: FindClose.KERNEL32(?), ref: 00663E7A
                                                                                                                                                                                        • Part of subcall function 00663B20: GetLastError.KERNEL32 ref: 00663E80
                                                                                                                                                                                        • Part of subcall function 00663B20: SetFileAttributesA.KERNELBASE(?,00000080), ref: 00663E9D
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,?), ref: 00655D1A
                                                                                                                                                                                        • Part of subcall function 0065D2B0: CreateDirectoryA.KERNEL32(00000000,00000000,0000002E,0000002F,?,?,?,?,006E2B0C,00000001,0000002E,0000002F,?,006D83D1,3"Y,006D83D1), ref: 0065D78B
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00655ECD
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?), ref: 00655712
                                                                                                                                                                                        • Part of subcall function 00663B20: FindFirstFileA.KERNELBASE(00000000,?,007064F8,?,?,?,\*.*,00000004), ref: 00663C95
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?), ref: 006559D3
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 006553CB
                                                                                                                                                                                        • Part of subcall function 0065D2B0: FindFirstFileA.KERNEL32(00000000,?), ref: 0065D4BB
                                                                                                                                                                                        • Part of subcall function 00664050: GetFileAttributesA.KERNELBASE(?,?,00000006,00000005,00000005), ref: 006640AC
                                                                                                                                                                                        • Part of subcall function 00664050: GetLastError.KERNEL32(?,?,00000006,00000005,00000005), ref: 006640B7
                                                                                                                                                                                        • Part of subcall function 00664050: std::_Throw_Cpp_error.LIBCPMT ref: 006640FF
                                                                                                                                                                                        • Part of subcall function 00664050: std::_Throw_Cpp_error.LIBCPMT ref: 00664110
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Directory$Create$File$Find$ErrorLast$CopyCpp_errorThrow_std::_$AttributesFolderPath$CloseFirstNext$DeleteRemove
                                                                                                                                                                                      • String ID: 4oST$4oST$=lY$g]
                                                                                                                                                                                      • API String ID: 1140557632-3277889653
                                                                                                                                                                                      • Opcode ID: b73628a24ec499fb7cc1bc7aaf613f21137309e62a5e6f0b7996782f7105219b
                                                                                                                                                                                      • Instruction ID: 3e09a050e3610031276a354a6d72712fb6f306d7ce342ee513dc3962ba33a218
                                                                                                                                                                                      • Opcode Fuzzy Hash: b73628a24ec499fb7cc1bc7aaf613f21137309e62a5e6f0b7996782f7105219b
                                                                                                                                                                                      • Instruction Fuzzy Hash: DDF3F2B4C0529A8FCB15CFA8C991AEEBBB1BF48304F244199D94977341DB305B85CFA6
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 0061B014
                                                                                                                                                                                      • GetPrivateProfileSectionNamesA.KERNEL32(?,00001000,?), ref: 0061B112
                                                                                                                                                                                      • GetPrivateProfileStringA.KERNEL32(?,?,00000000,?,00000104,?), ref: 0061B305
                                                                                                                                                                                      • lstrlen.KERNEL32(?), ref: 0061CA52
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: PrivateProfile$FolderNamesPathSectionStringlstrlen
                                                                                                                                                                                      • String ID: 4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$MXg$UYw$]?0$cannot use operator[] with a string argument with $cannot use push_back() with $g[`$k@z
                                                                                                                                                                                      • API String ID: 1311570089-684522203
                                                                                                                                                                                      • Opcode ID: a2f55afe79dd8ef61dca33f3206eb1eb70b9d8dd3af8a7a8f0e2da2ffb91e69f
                                                                                                                                                                                      • Instruction ID: b04b57f671f44c6796e0a52843bb4133dfb987701f214a954563dbbc091a8bff
                                                                                                                                                                                      • Opcode Fuzzy Hash: a2f55afe79dd8ef61dca33f3206eb1eb70b9d8dd3af8a7a8f0e2da2ffb91e69f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 130321B0D052698FDB25CF28C894BEDBBB5BF48304F1482D9E849A7242DB306B85CF55
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FindFirstFileA.KERNELBASE(00000000,?,007064F8,?,?,?,\*.*,00000004), ref: 00663C95
                                                                                                                                                                                      • SetFileAttributesA.KERNEL32(?,00000080,?,?,007064F8,?,?), ref: 00663E3A
                                                                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 00663E54
                                                                                                                                                                                      • FindNextFileA.KERNELBASE(?,00000010), ref: 00663E68
                                                                                                                                                                                      • FindClose.KERNEL32(?), ref: 00663E7A
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00663E80
                                                                                                                                                                                      • SetFileAttributesA.KERNELBASE(?,00000080), ref: 00663E9D
                                                                                                                                                                                      • RemoveDirectoryA.KERNELBASE(?), ref: 00663EBB
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00663ED0
                                                                                                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00663F97
                                                                                                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00663FA8
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$Find$AttributesCpp_errorErrorLastThrow_std::_$CloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                      • API String ID: 460640838-1173974218
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

Control-flow Graph (first block 65b7e0-65b8eb; nodes marked Executed / Not Executed)
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 0065B84D
                                                                                                                                                                                        • Part of subcall function 00664050: GetFileAttributesA.KERNELBASE(?,?,00000006,00000005,00000005), ref: 006640AC
                                                                                                                                                                                        • Part of subcall function 00664050: GetLastError.KERNEL32(?,?,00000006,00000005,00000005), ref: 006640B7
                                                                                                                                                                                        • Part of subcall function 00664050: std::_Throw_Cpp_error.LIBCPMT ref: 006640FF
                                                                                                                                                                                        • Part of subcall function 00664050: std::_Throw_Cpp_error.LIBCPMT ref: 00664110
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 0065BC79
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,00000000,00000000), ref: 0065BE33
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 0065C0C1
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 0065C217
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateDirectory$Cpp_errorFileThrow_std::_$AttributesCopyErrorFolderLastPath
                                                                                                                                                                                      • String ID: 4oST$4oST$6l_
                                                                                                                                                                                      • API String ID: 1001086254-652797657
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

Control-flow Graph (first block 65c3e0-65c4fd; nodes marked Executed / Not Executed)
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 0065C44A
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 0065C6D9
                                                                                                                                                                                        • Part of subcall function 00664050: GetFileAttributesA.KERNELBASE(?,?,00000006,00000005,00000005), ref: 006640AC
                                                                                                                                                                                        • Part of subcall function 00664050: GetLastError.KERNEL32(?,?,00000006,00000005,00000005), ref: 006640B7
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 0065C8DA
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 0065CBFA
                                                                                                                                                                                        • Part of subcall function 00664050: std::_Throw_Cpp_error.LIBCPMT ref: 006640FF
                                                                                                                                                                                        • Part of subcall function 00664050: std::_Throw_Cpp_error.LIBCPMT ref: 00664110
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 0065D02D
                                                                                                                                                                                        • Part of subcall function 00663B20: FindFirstFileA.KERNELBASE(00000000,?,007064F8,?,?,?,\*.*,00000004), ref: 00663C95
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateDirectory$Cpp_errorFileThrow_std::_$AttributesErrorFindFirstFolderLastPath
                                                                                                                                                                                      • String ID: 4oST$4oST
                                                                                                                                                                                      • API String ID: 2127212259-3962470393
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00644401
                                                                                                                                                                                        • Part of subcall function 005B2524: __EH_prolog3.LIBCMT ref: 005B2560
                                                                                                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00644412
                                                                                                                                                                                        • Part of subcall function 00664870: __fread_nolock.LIBCMT ref: 006649B9
                                                                                                                                                                                      • DeleteFileA.KERNELBASE(?), ref: 0064449B
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Cpp_errorThrow_std::_$DeleteFileH_prolog3__fread_nolock
                                                                                                                                                                                      • String ID: 131$4oST$4oST$dilda
                                                                                                                                                                                      • API String ID: 3880692912-3745965330
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FindFirstFileA.KERNELBASE(00000000,?,00000000), ref: 006434EF
                                                                                                                                                                                      • FindNextFileA.KERNELBASE(00000000,00000010), ref: 006437EF
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 006437FD
                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 0064380D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Find$File$CloseErrorFirstLastNext
                                                                                                                                                                                      • String ID: 4oST$4oST$4oST
                                                                                                                                                                                      • API String ID: 819619735-2236699556
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2085649478.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085670647.0000000000702000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085670647.0000000000712000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085848579.000000000071C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085848579.0000000000721000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085848579.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000857000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000871000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000900000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000C15000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000EBB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: @xl$BINARY$MATCH$NOCASE$RTRIM$automatic extension loading failed: %s$no such vfs: %s$sqlite_rename_table
                                                                                                                                                                                      • API String ID: 0-1902741935
                                                                                                                                                                                      • Opcode ID: 82e5de6bf820d6904c0432cedc5e3e5060917d91e91194e1a0f00e54f3fc0706
                                                                                                                                                                                      • Instruction ID: ff4f224b9ab187b761bd4f10c35820af2e888f8b699fa870a5e6cb3d4890e56e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 82e5de6bf820d6904c0432cedc5e3e5060917d91e91194e1a0f00e54f3fc0706
                                                                                                                                                                                      • Instruction Fuzzy Hash: 22021670A40700AFEB209F25DC49BAB77E6AB40304F14852CE54E9B392DFB5EE45CB95
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: 4oST$4oST$4oST
                                                                                                                                                                                      • API String ID: 0-2236699556
                                                                                                                                                                                      • Opcode ID: 8cebb4a56691aef6a06756bd01d746ef974c2458856f266c19707b1393196d8e
                                                                                                                                                                                      • Instruction ID: 30cf764a842a67aee4d12f334ae4b8aed366a95f93d2021278125a13d90f0582
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8cebb4a56691aef6a06756bd01d746ef974c2458856f266c19707b1393196d8e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D02DF70D04258DFDF14EFA8C9457DDBFB1AB84304F148199E8056B382DBB55E48DBA2
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006BCA85
                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006BCD87
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 885266447-0
                                                                                                                                                                                      • Opcode ID: be1a6da59457d9c21f204e53b49ecdb764926aa479f85a94437f7d6e2eaff229
                                                                                                                                                                                      • Instruction ID: 4899c4a3801e4b811ed644c25016158edf7230bdb336b9f0da304d6040406fbc
                                                                                                                                                                                      • Opcode Fuzzy Hash: be1a6da59457d9c21f204e53b49ecdb764926aa479f85a94437f7d6e2eaff229
                                                                                                                                                                                      • Instruction Fuzzy Hash: 66029FB0604602AFDB64CF28C850BEAB7E6BF88324F04866DE459C7750D775EE95CB81
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 2bb5bd4292d8a785e4399c711df7bbe85bf159ea8c45ac5dd6bb28b0f1b91103
                                                                                                                                                                                      • Instruction ID: 25031f06bea21e76ecd98d0f5fb2a42f9e4ab85f9b4e510f502a1445046f88fc
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2bb5bd4292d8a785e4399c711df7bbe85bf159ea8c45ac5dd6bb28b0f1b91103
                                                                                                                                                                                      • Instruction Fuzzy Hash: 03B1C07490060ACFCF288EE8C959FBEBFB1BB44710F186A1DD852A76D1C634AA41CB51
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00664050: GetFileAttributesA.KERNELBASE(?,?,00000006,00000005,00000005), ref: 006640AC
                                                                                                                                                                                        • Part of subcall function 00664050: GetLastError.KERNEL32(?,?,00000006,00000005,00000005), ref: 006640B7
                                                                                                                                                                                        • Part of subcall function 00663FC0: CreateDirectoryA.KERNELBASE(?,00000000,00000005), ref: 00664005
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 005E5AD0
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,00000000), ref: 005E5DF5
                                                                                                                                                                                        • Part of subcall function 00664050: std::_Throw_Cpp_error.LIBCPMT ref: 006640FF
                                                                                                                                                                                        • Part of subcall function 00664050: std::_Throw_Cpp_error.LIBCPMT ref: 00664110
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,00000000), ref: 005E5CE6
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateDirectory$Cpp_errorThrow_std::_$AttributesErrorFileLast
                                                                                                                                                                                      • String ID: 4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$=J ]$=J ]$GoST$GoST$HFd$HFd$HWg$HWg$K@z$K@z$K@z$K@z$MXg$MXg$MXg$MXg$O_w$O_w$UYw$UYw$UYw$UYw$_Ys$_Ys$_Ys$_Ys$g[}
                                                                                                                                                                                      • API String ID: 453214671-3780945421
                                                                                                                                                                                      • Opcode ID: af066d5522e4fa94385c48b80a1f9a923ca951834f9772ce006a3c56508fb90d
                                                                                                                                                                                      • Instruction ID: 0fb785ef137a7310addd06c25158ea7cc1e25133e38fe072feffe26166788004
                                                                                                                                                                                      • Opcode Fuzzy Hash: af066d5522e4fa94385c48b80a1f9a923ca951834f9772ce006a3c56508fb90d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C53CAB4D052A98FDB69DF14C894BDDBBB5BB48304F1041EAE44AA7282DB306F84CF55
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 14085 5de090-5de196 call 58b8e0 call 5932d0 call 59ab20 CreateDirectoryA 14092 5de19c-5de1a0 14085->14092 14093 5de830-5de837 14085->14093 14094 5de1a2-5de1bd 14092->14094 14095 5de83d-5de8d9 call 5932d0 call 59ab20 CreateDirectoryA 14093->14095 14096 5def8e-5df273 call 582df0 14093->14096 14097 5de7f4-5de81f call 5963b0 call 65c3e0 14094->14097 14098 5de1c3-5de30c call 5963b0 * 4 call 5932d0 call 59ab20 call 59ad80 call 582df0 call 664050 14094->14098 14114 5def7f-5def89 call 582df0 14095->14114 14115 5de8df-5de8e3 14095->14115 14097->14093 14116 5de821-5de828 call 663b20 14097->14116 14156 5de32c-5de3ff call 5932d0 call 59ab20 call 59ad80 call 5962c0 call 582df0 * 2 call 664050 14098->14156 14157 5de30e-5de326 CreateDirectoryA 14098->14157 14114->14096 14119 5de8e5-5de900 14115->14119 14124 5de82d 14116->14124 14122 5de906-5dea4f call 5963b0 * 4 call 5932d0 call 59ab20 call 59ad80 call 582df0 call 664050 14119->14122 14123 5def43-5def6e call 5963b0 call 6549b0 14119->14123 14174 5dea6f-5deb42 call 5932d0 call 59ab20 call 59ad80 call 5962c0 call 582df0 * 2 call 664050 14122->14174 14175 5dea51-5dea69 CreateDirectoryA 14122->14175 14123->14114 14139 5def70-5def77 call 663b20 14123->14139 14124->14093 14145 5def7c 14139->14145 14145->14114 14209 5de41f-5de426 14156->14209 14210 5de401-5de419 CreateDirectoryA 14156->14210 14157->14156 14159 5de7a3-5de7ef call 582df0 * 5 14157->14159 14159->14094 14234 5deb44-5deb5c CreateDirectoryA 14174->14234 14235 5deb62-5deb69 14174->14235 14175->14174 14178 5deef2-5def3e call 582df0 * 5 14175->14178 14178->14119 14213 5de42c-5de4ec call 5932d0 call 59ab20 call 59ad80 call 582df0 call 664050 14209->14213 14214 5de52f-5de533 14209->14214 14210->14159 14210->14209 14265 5de4ee-5de50f CreateDirectoryA 14213->14265 14266 5de511-5de51b 
call 596290 14213->14266 14218 5de59d-5de5a1 14214->14218 14219 5de535-5de598 call 5932d0 14214->14219 14220 5de5f0-5de64e call 5932d0 14218->14220 14221 5de5a3-5de5ee call 5932d0 14218->14221 14232 5de653-5de741 call 582cf0 call 5932d0 call 59ab20 call 59ae20 call 5962c0 call 582df0 * 3 call 664050 14219->14232 14220->14232 14221->14232 14305 5de75d-5de79d call 5963b0 * 2 call 65d2b0 14232->14305 14306 5de743-5de75b CreateDirectoryA 14232->14306 14234->14178 14234->14235 14238 5deb6f-5dec2f call 5932d0 call 59ab20 call 59ad80 call 582df0 call 664050 14235->14238 14239 5dec72-5dec76 14235->14239 14289 5dec54-5dec5e call 596290 14238->14289 14290 5dec31-5dec52 CreateDirectoryA 14238->14290 14243 5dec78-5decdb call 5932d0 14239->14243 14244 5dece0-5dece4 14239->14244 14260 5dedae-5dee90 call 582cf0 call 5932d0 call 59ab20 call 59ae20 call 5962c0 call 582df0 * 3 call 664050 14243->14260 14250 5ded4b-5deda9 call 5932d0 14244->14250 14251 5dece6-5ded49 call 5932d0 14244->14251 14250->14260 14251->14260 14317 5deeac-5deeec call 5963b0 * 2 call 65d2b0 14260->14317 14318 5dee92-5deeaa CreateDirectoryA 14260->14318 14265->14266 14270 5de520-5de52a call 582df0 14265->14270 14266->14270 14270->14214 14294 5dec63-5dec6d call 582df0 14289->14294 14290->14289 14290->14294 14294->14239 14305->14159 14321 5de79f 14305->14321 14306->14159 14306->14305 14317->14178 14327 5deeee 14317->14327 14318->14178 14318->14317 14321->14159 14327->14178
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0058B8E0: CreateDirectoryA.KERNELBASE(?,00000000), ref: 0058BA08
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 005DE192
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,-0000004C), ref: 005DE322
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,00000000,?,?,?,-0000004C), ref: 005DE415
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 005DE50B
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,00000000), ref: 005DE757
                                                                                                                                                                                      • CreateDirectoryA.KERNELBASE(?,00000000), ref: 005DE8D5
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,?,-0000004C), ref: 005DEA65
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,00000000,?,?,?,-0000004C), ref: 005DEB58
                                                                                                                                                                                        • Part of subcall function 00664050: GetFileAttributesA.KERNELBASE(?,?,00000006,00000005,00000005), ref: 006640AC
                                                                                                                                                                                        • Part of subcall function 00664050: GetLastError.KERNEL32(?,?,00000006,00000005,00000005), ref: 006640B7
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000), ref: 005DEC4E
                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,-0000004C), ref: 005DEEA6
                                                                                                                                                                                        • Part of subcall function 006549B0: SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,006D80C7,000000FF), ref: 00654A1C
                                                                                                                                                                                        • Part of subcall function 006549B0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00654A43
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateDirectory$FolderPath$AttributesErrorFileLast
                                                                                                                                                                                      • String ID: 4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$4oST$rPw$rPw$voST$voST$wWs$wWs
                                                                                                                                                                                      • API String ID: 3066340180-3074812837
                                                                                                                                                                                      • Opcode ID: 69f8e08afaf843fe01a63ed14b32f3279fae3717491850262754cf5fe5a9220a
                                                                                                                                                                                      • Instruction ID: 535535a6905cc755781ec70da11ba18c999e92757948cb6054d77cc86b616009
                                                                                                                                                                                      • Opcode Fuzzy Hash: 69f8e08afaf843fe01a63ed14b32f3279fae3717491850262754cf5fe5a9220a
                                                                                                                                                                                      • Instruction Fuzzy Hash: E39212B0C052A98FDB25EB64CC99BDDBBB4BB54304F1041EAD449A7282EB305F89CF55
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 15005 661ad0-661e28 call 5b59a0 RegGetValueA 15008 661e2a-661e39 15005->15008 15009 661e58-661e5c 15005->15009 15010 661e40-661e45 15008->15010 15011 661e62-661e94 call 5b59a0 GetComputerNameExA 15009->15011 15012 661f5d-661f70 15009->15012 15010->15010 15013 661e47-661e53 call 596130 15010->15013 15017 661e96-661e9f 15011->15017 15018 661eb8-661ebc 15011->15018 15013->15009 15019 661ea0-661ea5 15017->15019 15018->15012 15020 661ec2-661eed call 5b59a0 LsaOpenPolicy 15018->15020 15019->15019 15021 661ea7-661eb3 call 596130 15019->15021 15025 661f35-661f42 15020->15025 15026 661eef-661f00 LsaQueryInformationPolicy 15020->15026 15021->15018 15029 661f45-661f4a 15025->15029 15027 661f02-661f09 15026->15027 15028 661f2c-661f2f LsaClose 15026->15028 15030 661f0e-661f26 call 583440 LsaFreeMemory 15027->15030 15031 661f0b 15027->15031 15028->15025 15029->15029 15032 661f4c-661f58 call 596130 15029->15032 15030->15028 15031->15030 15032->15012
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegGetValueA.KERNELBASE(80000002,?,?,0001FFFF,?,?,00000104), ref: 00661E20
                                                                                                                                                                                      • GetComputerNameExA.KERNELBASE(00000002,?,00000104), ref: 00661E8C
                                                                                                                                                                                      • LsaOpenPolicy.ADVAPI32(00000000,00704684,00000001,?), ref: 00661EE5
                                                                                                                                                                                      • LsaQueryInformationPolicy.ADVAPI32(?,0000000C,?), ref: 00661EF8
                                                                                                                                                                                      • LsaFreeMemory.ADVAPI32(?), ref: 00661F26
                                                                                                                                                                                      • LsaClose.ADVAPI32(?), ref: 00661F2F
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Policy$CloseComputerFreeInformationMemoryNameOpenQueryValue
                                                                                                                                                                                      • String ID: %wZ$4oST
                                                                                                                                                                                      • API String ID: 762890658-2776467258
                                                                                                                                                                                      • Opcode ID: 6b56dd40da8cf60e37bf9d2e6ff274bc834517420080dc5e324493b2f74ac0f6
                                                                                                                                                                                      • Instruction ID: b2baa7a8f24b55c81f077ddcf5bf022b3de1a68285d21b286653cc0c81a85152
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b56dd40da8cf60e37bf9d2e6ff274bc834517420080dc5e324493b2f74ac0f6
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8DE1FFB4D0425ACBDB15CF98C985BEEBBB5BF08304F244199E949BB341D7305A85CFA2
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 15373 645940-645972 WSAStartup 15374 645a46-645a4f 15373->15374 15375 645978-6459a2 call 6677d0 * 2 15373->15375 15380 6459a4-6459a8 15375->15380 15381 6459ae-6459f4 getaddrinfo 15375->15381 15380->15374 15380->15381 15382 6459f6-6459fc 15381->15382 15383 645a40 WSACleanup 15381->15383 15384 645a54-645a5e FreeAddrInfoW 15382->15384 15385 6459fe 15382->15385 15383->15374 15384->15383 15386 645a60-645a68 15384->15386 15387 645a04-645a18 socket 15385->15387 15387->15383 15388 645a1a-645a2a connect 15387->15388 15389 645a50 15388->15389 15390 645a2c-645a34 closesocket 15388->15390 15389->15384 15390->15387 15391 645a36-645a3a FreeAddrInfoW 15390->15391 15391->15383
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2085649478.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085670647.0000000000702000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085670647.0000000000712000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085848579.000000000071C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085848579.0000000000721000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085848579.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000857000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000871000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000900000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000C15000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000EBB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddrFreeInfo$CleanupStartupclosesocketconnectgetaddrinfosocket
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 448659506-0
                                                                                                                                                                                      • Opcode ID: e7e8cb3b0a870c71bd2a64a622cb189af820c7298427b6f53c4e492fcbdf4a47
                                                                                                                                                                                      • Instruction ID: dcc519960235adec741569535657ed677e4efba7be30fc2c4a20ba58055c5df3
                                                                                                                                                                                      • Opcode Fuzzy Hash: e7e8cb3b0a870c71bd2a64a622cb189af820c7298427b6f53c4e492fcbdf4a47
                                                                                                                                                                                      • Instruction Fuzzy Hash: B031C1329097009BD7209F64DC84B6ABBE7FB85734F14171EF8A6D32E1D73098448A92
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph (graph image not preserved; entry block 589280-5892dd)
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(Ws2_32.dll), ref: 005896A6
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 005896B4
                                                                                                                                                                                      • WSASend.WS2_32(?,?,00000001,?,00000000,00000000,00000000), ref: 005896C9
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressHandleModuleProcSend
                                                                                                                                                                                      • String ID: 4oST$4oST$Ws2_32.dll
                                                                                                                                                                                      • API String ID: 2819740048-1839276265
                                                                                                                                                                                      • Opcode ID: 3220401241038fa18762d3a8daa77d07aeda79d4fb1a927916b189adcb00d4f3
                                                                                                                                                                                      • Instruction ID: 13ea050ec9779b81eeff784ac562a49081f77b446c843f8a515a4a359a31dde6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3220401241038fa18762d3a8daa77d07aeda79d4fb1a927916b189adcb00d4f3
                                                                                                                                                                                      • Instruction Fuzzy Hash: EF02CB70D04298DFDF25DFA4C8907ADBFB0FF55314F284289E8866B686D7701986CB92
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 822338774a1b8ea60f019c5abe9955702119d0ed444e1e064332341473fd9022
                                                                                                                                                                                      • Instruction ID: 937fd735b6b4a4a3290fd3d22016ba067fc6bb89f61c6acf54598474fccfbf62
                                                                                                                                                                                      • Opcode Fuzzy Hash: 822338774a1b8ea60f019c5abe9955702119d0ed444e1e064332341473fd9022
                                                                                                                                                                                      • Instruction Fuzzy Hash: 80B1BFB0A0464AAFDB119FD8C885FBE7FB1BB85314F18419DE4149B392CB749D81CB64
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00662C3F
                                                                                                                                                                                      • GetVolumeInformationA.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00662F4B
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DirectoryInformationVolumeWindows
                                                                                                                                                                                      • String ID: 4oST$be
                                                                                                                                                                                      • API String ID: 3487004747-1578759084
                                                                                                                                                                                      • Opcode ID: 5892ecfec0b3b041cf95d487ca72bfbe25ef839561eadf0a641ba98f83c5fbeb
                                                                                                                                                                                      • Instruction ID: d7ac075cd8d73adb9794d905de38f3449490069702ed5937e578f1c0fa432e7b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5892ecfec0b3b041cf95d487ca72bfbe25ef839561eadf0a641ba98f83c5fbeb
                                                                                                                                                                                      • Instruction Fuzzy Hash: 14F147B0C0124A9FDB15CFA8C995BEEFBB1BF44304F244159E405BB341D7716A85CBA2
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CopyFileA.KERNEL32(?,?,00000000), ref: 00653DD0
                                                                                                                                                                                        • Part of subcall function 00653F50: GetLastError.KERNEL32(?,00000000), ref: 00653F83
                                                                                                                                                                                        • Part of subcall function 00653F50: 6E277CF0.RSTRTMGR(?,00000000,?), ref: 00654000
                                                                                                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00653F34
                                                                                                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00653F45
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Cpp_errorThrow_std::_$CopyE277ErrorFileLast
                                                                                                                                                                                      • String ID: 4oST
                                                                                                                                                                                      • API String ID: 911205731-3759581069
                                                                                                                                                                                      • Opcode ID: 9db619d2fe55ba736a6d8acac9d60f28becba643e0b48d5b7d9d3eded6652360
                                                                                                                                                                                      • Instruction ID: c33be0a8502ce6a2ef5448ba1b002cf4c094cdb77a654c4e94d8a79e3da4876a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9db619d2fe55ba736a6d8acac9d60f28becba643e0b48d5b7d9d3eded6652360
                                                                                                                                                                                      • Instruction Fuzzy Hash: E4D157B0C01249DBDB14DFA8C9557EEBFB1BF55304F244299D80977382EB345A89CBA2
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegOpenKeyExA.KERNELBASE(80000002,?,00000000,00000001,?), ref: 006118A9
                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000000,00000000,?), ref: 006118CC
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 006118D7
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                                                                                                      • String ID: 4oST
                                                                                                                                                                                      • API String ID: 3677997916-3759581069
                                                                                                                                                                                      • Opcode ID: ff789d02da03f46eb8f29bc17915d87cd62d1ab5966e0cbb7a6d159394e3ec90
                                                                                                                                                                                      • Instruction ID: 5bfe7cd2ba92a0373c9d1d9ace0f2ebde26de5cf4b3ffb7ef8e056977d9f88ea
                                                                                                                                                                                      • Opcode Fuzzy Hash: ff789d02da03f46eb8f29bc17915d87cd62d1ab5966e0cbb7a6d159394e3ec90
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0BC125B0D0525A9FDB14CFA8C985BEEBBB1BF48310F244159E914BB381D7346A84CFA1
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetFileAttributesA.KERNELBASE(?,?,00000006,00000005,00000005), ref: 006640AC
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00000006,00000005,00000005), ref: 006640B7
                                                                                                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 006640FF
                                                                                                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00664110
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Cpp_errorThrow_std::_$AttributesErrorFileLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 995686243-0
                                                                                                                                                                                      • Opcode ID: 9d3cbd08286845e5545fca0de44204043866c039d4551daccac38bda18a6e56f
                                                                                                                                                                                      • Instruction ID: 870c148416f2ba89bf1a4ef0533ef3923c34ce36ba3c6e09ace4b04dd3ea9874
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9d3cbd08286845e5545fca0de44204043866c039d4551daccac38bda18a6e56f
                                                                                                                                                                                      • Instruction Fuzzy Hash: A6117671904251DFCB345F689C197E97BA7EB03734F240325E9359FBC0DF22896886A2
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • DeleteFileW.KERNELBASE(?,?,005BD2A1,?), ref: 005CB9CA
                                                                                                                                                                                      • GetLastError.KERNEL32(?,005BD2A1,?), ref: 005CB9D4
                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 005CB9DB
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DeleteErrorFileLast__dosmaperr
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1545401867-0
                                                                                                                                                                                      • Opcode ID: 90617cad62c082631d03a6c5bc5ac537aa9016297b5a97aa0c847db740854ee5
                                                                                                                                                                                      • Instruction ID: c1b4e780a066e8200e83f59001866e6df8d8f35864b4f12f039e777023987215
                                                                                                                                                                                      • Opcode Fuzzy Hash: 90617cad62c082631d03a6c5bc5ac537aa9016297b5a97aa0c847db740854ee5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 74D022320092087B8B002BF2BC0DE163F1EABC0378B181216F02CC80A0DF32C8808141
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2085649478.0000000000580000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085670647.0000000000702000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085670647.0000000000712000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085848579.000000000071C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085848579.0000000000721000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085848579.0000000000724000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000727000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000857000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000871000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000900000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000C15000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2085940359.0000000000EBB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __fread_nolock
                                                                                                                                                                                      • String ID: 4oST
                                                                                                                                                                                      • API String ID: 2638373210-3759581069
                                                                                                                                                                                      • Opcode ID: 7e42ffd54b1cd49a256bc825063568773be0a5cdd7b5c628955af0755d47b2a1
                                                                                                                                                                                      • Instruction ID: 5b19277eaeb37d3e11e38c0b846bf06ae754c19696923342b9d63340885df0e6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7e42ffd54b1cd49a256bc825063568773be0a5cdd7b5c628955af0755d47b2a1
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D515EB0D042499BCB20DF98C946BAEFBF1FF44700F20011DE8416B381DB75AA45CBA2
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __fread_nolock
                                                                                                                                                                                      • String ID: 4oST
                                                                                                                                                                                      • API String ID: 2638373210-3759581069
                                                                                                                                                                                      • Opcode ID: c91e78deb482296c310711d078886bde60ad9ec7c45c5b9c0c45c6dba021c87b
                                                                                                                                                                                      • Instruction ID: 4e81925e2cecd373efe4dc43bd7ee9ae95be3564c048d28f51fa9095690467f8
                                                                                                                                                                                      • Opcode Fuzzy Hash: c91e78deb482296c310711d078886bde60ad9ec7c45c5b9c0c45c6dba021c87b
                                                                                                                                                                                      • Instruction Fuzzy Hash: A3415DB0D00249DFCB10DF99C885BEEBBB5FF48700F144159E814AB381E735A902CBA6
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 005C8E8F: GetConsoleOutputCP.KERNEL32(98B540BF,00000000,00000000,005BD0B7), ref: 005C8EF2
                                                                                                                                                                                      • WriteFile.KERNELBASE(?,00000000,?,?,00000000,00000000,00000000,?,006641EC,?,005BCFD7,006641EC,?,006F6E10,00000010,005BD0B7), ref: 005C98FE
                                                                                                                                                                                      • GetLastError.KERNEL32(?,005BCFD7,006641EC,?,006F6E10,00000010,005BD0B7,006641EC,?,00000000), ref: 005C9908
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2915228174-0
                                                                                                                                                                                      • Opcode ID: 9dbae71151ae784122d0f46edbbb350fc784ff6b4339345303810d74bc0aa5b6
                                                                                                                                                                                      • Instruction ID: 8d58bbe3d8a5b8363d21c634985807bd06668354e304b947fecf85974e6334de
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9dbae71151ae784122d0f46edbbb350fc784ff6b4339345303810d74bc0aa5b6
                                                                                                                                                                                      • Instruction Fuzzy Hash: FC618D7290411AAFDF119FE8C888FEEBFB9BB4A304F14054DE904A7256D736D941CBA0
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00653B1A
                                                                                                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00653B2B
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Cpp_errorThrow_std::_
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2134207285-0
                                                                                                                                                                                      • Opcode ID: 2a4b6e64a6cb23af4ae6a7b80ab9b7255c1e439c3bcabc5a8a12954c45563e26
                                                                                                                                                                                      • Instruction ID: cc5059400ea9befbbd5ed11e185662f85f5ab2755e2e5976510e4e286ed64c37
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a4b6e64a6cb23af4ae6a7b80ab9b7255c1e439c3bcabc5a8a12954c45563e26
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D411671E00202CBC724DF28DD5176ABBE5FB80710F184329E85157385EB75AA14CBE5
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,005C8CD6,00000000,CF830579,006F7178,0000000C,005C8D92,005BD06D,?), ref: 005C8E45
                                                                                                                                                                                      • GetLastError.KERNEL32(?,005C8CD6,00000000,CF830579,006F7178,0000000C,005C8D92,005BD06D,?), ref: 005C8E4F
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1687624791-0
                                                                                                                                                                                      • Opcode ID: 29bd7f040d35b43e26140018ae2464dd4ee985ef0c4325e65a377050f6d4c345
                                                                                                                                                                                      • Instruction ID: c80b9baaa0d56fc93caaa52b1d8e60c767b09d2d09e9da0d08bd17090f09c5b0
                                                                                                                                                                                      • Opcode Fuzzy Hash: 29bd7f040d35b43e26140018ae2464dd4ee985ef0c4325e65a377050f6d4c345
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C11E536A042105ED62526F4A94EF7E2F4DAB82734F29065DF8189B2D2DF719C80C195
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetFilePointerEx.KERNELBASE(00000000,00000000,005BD0B7,00000000,00000002,00000000,00000000,00000000,00000000,?,005C2646,00000000,00000000,005BD0B7,00000002,00000000), ref: 005C2548
                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,005C2646,00000000,00000000,005BD0B7,00000002,00000000,?,005C981E,00000000,00000000,00000000,00000002,005BD0B7,00000000), ref: 005C2555
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFileLastPointer
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2976181284-0
                                                                                                                                                                                      • Opcode ID: 369f3ce6f9fa430ddb514bfb4bb6dc2aebf8fbd28660bc168c2f1576b5683cd8
                                                                                                                                                                                      • Instruction ID: a20d0d88fc61494125f00d1b3c157b0b06bf35c49c213bc2ea134b8b0ff25cd4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 369f3ce6f9fa430ddb514bfb4bb6dc2aebf8fbd28660bc168c2f1576b5683cd8
                                                                                                                                                                                      • Instruction Fuzzy Hash: CA01C432614515AFCF058F99EC19E9F3F29EB85320F240209F8119B291E671EA918B90
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000000,?,005D1B36,?,00000000,?,?,005D1DD7,?,00000007,?,?,005D22CB,?,?), ref: 005CB022
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,005D1B36,?,00000000,?,?,005D1DD7,?,00000007,?,?,005D22CB,?,?), ref: 005CB02D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFreeHeapLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 485612231-0
                                                                                                                                                                                      • Opcode ID: 436c163b63d67807dd9b234b3eaece09966fc4256bdfc5833e97435902004cd1
                                                                                                                                                                                      • Instruction ID: 0479c639774227bc14af3e2f6383c71870e988f5d475f8fb0f857ccdeb3f17bf
                                                                                                                                                                                      • Opcode Fuzzy Hash: 436c163b63d67807dd9b234b3eaece09966fc4256bdfc5833e97435902004cd1
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1FE08C32504604AFDB212BE4EC0DF9A3F5AFB40355F084069F60CA7061DB398890CB89
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0059546E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 118556049-0
                                                                                                                                                                                      • Opcode ID: 56954a002820aa30db47d5a9d6176d3a9bda4e2b80b7ef1ffbee37294c42855c
                                                                                                                                                                                      • Instruction ID: 14306b37bf1e88a8611d6d5dcefc31b5ac8f456a56fbe3e9ba0df5c345a1c695
                                                                                                                                                                                      • Opcode Fuzzy Hash: 56954a002820aa30db47d5a9d6176d3a9bda4e2b80b7ef1ffbee37294c42855c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 69617BB1A01615DFCB11CF59C984B5ABBF4FF48710F14816EE4199B391D775D901CB90
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 005A39F6
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 118556049-0
                                                                                                                                                                                      • Opcode ID: 2eb95ceaed4b124ffc4114fa4c0df12e788aad1587a0cdcf2b191dd49a90b40c
                                                                                                                                                                                      • Instruction ID: 939b1efd026d4e64ab95d6713c5c3a227dda408ab8549b9100eb8a97cb201531
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2eb95ceaed4b124ffc4114fa4c0df12e788aad1587a0cdcf2b191dd49a90b40c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D51B4B1A00205DFDB08DF68DD96A9EFFA5BB89304F104229F405EB391DB75AA048BD1
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 680e93d5d2a92bc1206685dce8a7ad5ecb83b1ae3ebb9eec0d78a82787a74955
                                                                                                                                                                                      • Instruction ID: 48bc94eb74d88f999c0cf5b1e499533807b12e6b95122e14db799ec939db37fe
                                                                                                                                                                                      • Opcode Fuzzy Hash: 680e93d5d2a92bc1206685dce8a7ad5ecb83b1ae3ebb9eec0d78a82787a74955
                                                                                                                                                                                      • Instruction Fuzzy Hash: 69519470A00205EFDB14DF58C885AFA7FAAFB89314F289159F8099B352D771ED81CB90
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 005A9F7B
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 118556049-0
                                                                                                                                                                                      • Opcode ID: 9725dd78bcf2699034c22ed2f3cab162847cf46e50b6caed5873c0cd26ece505
                                                                                                                                                                                      • Instruction ID: f578efbafc130cc9267f38afaf9dab43b4b0ce7e6fa592fd301ce06e6b67ab8f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9725dd78bcf2699034c22ed2f3cab162847cf46e50b6caed5873c0cd26ece505
                                                                                                                                                                                      • Instruction Fuzzy Hash: CD41AF72A001259FCB14DF6CC945AAEBFB9FB89350F244229E815E7385D770AE018BE0
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___std_fs_directory_iterator_open@12.LIBCPMT ref: 00586908
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ___std_fs_directory_iterator_open@12
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 29801545-0
                                                                                                                                                                                      • Opcode ID: cc3f79ab37948daf42f20f8c340cafd73ef3b7143eb14d17ae66da3beda90564
                                                                                                                                                                                      • Instruction ID: 5a107d1d6fd0153db100a721c8ffc20b52d8dc58713944a03e672217b1db0511
                                                                                                                                                                                      • Opcode Fuzzy Hash: cc3f79ab37948daf42f20f8c340cafd73ef3b7143eb14d17ae66da3beda90564
                                                                                                                                                                                      • Instruction Fuzzy Hash: 73217176E00619ABCB14EF48D855BAEBBB4FB84721F10066AED1963780DB356D05CBE0
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetupDiGetClassDevsA.SETUPAPI(006DA560,00000000,00000000), ref: 006630F7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ClassDevsSetup
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2330331845-0
                                                                                                                                                                                      • Opcode ID: 7708e7244ee6321c96cb2f8a37d1d874722ebb5af4ebd1ccb5484f6c6574e6b9
                                                                                                                                                                                      • Instruction ID: 69b379c87c8344060091954945ee477a62d0471fe67403080564b8b8244d5c77
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7708e7244ee6321c96cb2f8a37d1d874722ebb5af4ebd1ccb5484f6c6574e6b9
                                                                                                                                                                                      • Instruction Fuzzy Hash: 41110BB0D08748ABE3208F28D906717FBF1EB01B20F10432EE851573C0E7B6AA5887D2
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0058331F
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 118556049-0
                                                                                                                                                                                      • Opcode ID: 88e0f75f83d5f9e69285ef2088a1dfdc1055322beeb667a90db4e8c6ac7f301f
                                                                                                                                                                                      • Instruction ID: 1a597648b09c67b14ab9d32b72b1a3069ec1d8c9bef190d329bd17c5bafcbb0f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 88e0f75f83d5f9e69285ef2088a1dfdc1055322beeb667a90db4e8c6ac7f301f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8DF0B4721001059BCB147F64D4199E9BBE8FF543A2710097AFC8DE7212EF36EA40C790
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 005CB086: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 005CB0B8
                                                                                                                                                                                      • RtlReAllocateHeap.NTDLL(00000000,?,?,?), ref: 005CBA47
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                      • Opcode ID: 57c6aad247e513a3c7fbe090624abcea687c9b8b515e78836897b61c8bb3ebaa
                                                                                                                                                                                      • Instruction ID: 6cb9248d566686542e7c9f26af6c28115b1dd542de3136a7c2ea11d1fd9fa936
                                                                                                                                                                                      • Opcode Fuzzy Hash: 57c6aad247e513a3c7fbe090624abcea687c9b8b515e78836897b61c8bb3ebaa
                                                                                                                                                                                      • Instruction Fuzzy Hash: F6F0C831511511AEFB316BE6AC0BF7B3F59BFC1771F14021DF89466191EB20DC4081A1
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000008,000000FF,00000000), ref: 005CA68D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                      • Opcode ID: 577c617d671873a601d986bbb8e211c3da839283a596f32551a5aa9d954f8505
                                                                                                                                                                                      • Instruction ID: 5f7d1b156eda26614b6f63c1563c72db3c850de8497d215079bfb77d1529beba
                                                                                                                                                                                      • Opcode Fuzzy Hash: 577c617d671873a601d986bbb8e211c3da839283a596f32551a5aa9d954f8505
                                                                                                                                                                                      • Instruction Fuzzy Hash: 00F0E032D005295FDB225BF29C09F563F59BF81774B1D4119E805DA150DB34DC8086E6
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,?,?), ref: 005CB0B8
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                      • Opcode ID: 75a7a9eb43b5f0473627c63173c5953f555980de720435390d35ee4ede65590e
                                                                                                                                                                                      • Instruction ID: fc64ff84d6d81ecf72dcb5f4ebcc692a82ee7c6aa4211b0a687d148cc1d644b2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 75a7a9eb43b5f0473627c63173c5953f555980de720435390d35ee4ede65590e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 42E030315415116EFA3127F59C0EF5B6E99BF813A0F150129ED25B70D2DB649C4081E5
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 00586853
                                                                                                                                                                                        • Part of subcall function 005B1F6B: FindNextFileW.KERNELBASE(?,?,?,00586858,?,?,?,?,0058691A,?,?,?,00000000,?,?), ref: 005B1F74
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FileFindNext___std_fs_directory_iterator_advance@8
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3878998205-0
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085670647.0000000000581000.00000040.00000001.01000000.00000003.sdmp, Offset: 00580000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: H_prolog3
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 431132790-0
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0087EBB7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2085940359.0000000000871000.00000040.00000001.01000000.00000003.sdmp, Offset: 00727000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_580000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%